diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0-image-list.json
new file mode 100644
index 00000000000..7635008949c
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0-image-list.json
@@ -0,0 +1,817 @@ +{ + "sku": "V1", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + 
"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..fe6f0ec0167 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2003 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator 
(gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘
diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..b3905c34619
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0-trivy-report.json
@@ -0,0 +1,2417 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvm2jccj1qjne", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "cbl-mariner", + "Name": "1.0.20230811" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvm2jccj1qjne (cbl-mariner 1.0.20230811)", + "Class": "os-pkgs", + "Type": "cbl-mariner", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2021-20294", + "PkgName": "binutils", + "InstalledVersion": "2.32-5.cm1", + "FixedVersion": "2.36.1-1.cm1", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20294", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "stack buffer overflow WRITE may lead to a DoS via a crafted ELF", + "Description": "A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. 
The highest impact of this flaw is to confidentiality, integrity, and availability.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-20294", + "https://bugzilla.redhat.com/show_bug.cgi?id=1943533", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2021-20294", + "https://security.gentoo.org/glsa/202208-30", + "https://sourceware.org/bugzilla/show_bug.cgi?id=26929", + "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=372dd157272e0674d13372655cc60eaca9c06926", + "https://www.cve.org/CVERecord?id=CVE-2021-20294" + ], + "PublishedDate": "2021-04-29T16:15:00Z", + "LastModifiedDate": "2022-11-16T03:23:00Z" + }, + { + "VulnerabilityID": "CVE-2021-45078", + "PkgName": "binutils", + "InstalledVersion": "2.32-5.cm1", + "FixedVersion": "2.36.1-2.cm1", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-45078", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "out-of-bounds write in stab_xcoff_builtin_type() in stabs.c", + "Description": "stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. 
NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-45078", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45078", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-45078", + "https://security.gentoo.org/glsa/202208-30", + "https://security.netapp.com/advisory/ntap-20220107-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28694", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02", + "https://ubuntu.com/security/notices/USN-5341-1", + "https://ubuntu.com/security/notices/USN-6160-1", + "https://www.cve.org/CVERecord?id=CVE-2021-45078" + ], + "PublishedDate": "2021-12-15T20:15:00Z", + "LastModifiedDate": "2022-09-28T19:54:00Z" + } + ] + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. 
Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + 
"DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": 
"opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": 
"HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": 
"23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. 
When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0.txt b/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0.txt new file mode 100644 index 00000000000..e57e9a7cd78 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen1/202308.22.0.txt 
@@ -0,0 +1,468 @@ +Starting build on Tue Aug 22 16:26:19 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.5 + - bpftrace v0.11.4 + - nvidia-driver=-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + 
- mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + 
- mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 
/usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:29 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:29 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:34 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +=== Installed Packages Begin +iotop-0.6-7.cm1.noarch +filesystem-1.1-7.cm1.x86_64 +oniguruma-6.9.5-2.cm1.x86_64 +libgcc-9.1.0-7.cm1.x86_64 +kernel-devel-5.10.189.1-1.cm1.x86_64 +libstdc++-9.1.0-7.cm1.x86_64 +lsof-4.93.2-3.cm1.x86_64 +xz-libs-5.2.4-3.cm1.x86_64 +nmap-ncat-7.90-4.cm1.x86_64 +readline-7.0-4.cm1.x86_64 +libnfsidmap-2.3.3-8.cm1.x86_64 +pcre-8.44-2.cm1.x86_64 +keyutils-1.5.10-3.cm1.x86_64 +gmp-6.1.2-6.cm1.x86_64 +pigz-2.6-1.cm1.x86_64 +coreutils-8.30-12.cm1.x86_64 +socat-1.7.3.4-2.cm1.x86_64 +bash-4.4.23-1.cm1.x86_64 +traceroute-2.1.0-5.cm1.x86_64 +xz-5.2.4-3.cm1.x86_64 +libapparmor-2.13-12.cm1.x86_64 +kernel-5.10.189.1-1.cm1.x86_64 +moby-runc-1.1.5+azure-2.cm1.x86_64 +grub2-efi-binary-2.06~rc1-10.cm1.x86_64 +libcgroup-0.41-24.cm1.x86_64 +slang-2.3.2-3.cm1.x86_64 +llvm-8.0.1-5.cm1.x86_64 +chkconfig-1.11-2.cm1.x86_64 
+libstdc++-devel-9.1.0-7.cm1.x86_64 +libffi-3.2.1-12.cm1.x86_64 +binutils-2.32-5.cm1.x86_64 +libtasn1-4.14-4.cm1.x86_64 +bpftrace-0.11.4-1.cm1.x86_64 +ca-certificates-tools-20200720-31.cm1.noarch +bcc-tools-0.12.0-1.cm1.x86_64 +util-linux-libs-2.32.1-7.cm1.x86_64 +libgpg-error-1.32-4.cm1.x86_64 +elfutils-0.176-4.cm1.x86_64 +cracklib-2.9.7-3.cm1.x86_64 +lz4-1.9.2-2.cm1.x86_64 +openssl-libs-1.1.1k-16.cm1.x86_64 +cryptsetup-libs-2.3.7-1.cm1.x86_64 +cronie-1.5.2-5.cm1.x86_64 +openssl-1.1.1k-16.cm1.x86_64 +libdb-5.3.28-6.cm1.x86_64 +expat-libs-2.5.0-1.cm1.x86_64 +pkg-config-0.29.2-4.cm1.x86_64 +expat-2.5.0-1.cm1.x86_64 +file-libs-5.38-1.cm1.x86_64 +e2fsprogs-libs-1.44.6-4.cm1.x86_64 +mariner-repos-shared-1.0-16.cm1.noarch +dbus-1.13.6-6.cm1.x86_64 +libssh2-1.9.0-1.cm1.x86_64 +curl-7.88.1-2.cm1.x86_64 +libpwquality-1.4.2-7.cm1.x86_64 +python3-3.7.16-1.cm1.x86_64 +iana-etc-2.30-5.cm1.noarch +nspr-4.33-1.cm1.x86_64 +rpm-libs-4.14.2-15.cm1.x86_64 +device-mapper-2.03.05-6.cm1.x86_64 +libcap-ng-0.7.9-3.cm1.x86_64 +rpm-build-libs-4.14.2-15.cm1.x86_64 +python3-six-1.11.0-5.cm1.noarch +python3-distro-1.6.0-2.cm1.noarch +python3-dbus-1.2.16-7.cm1.x86_64 +zchunk-1.1.5-2.cm1.x86_64 +mariner-repos-microsoft-1.0-16.cm1.noarch +cyrus-sasl-2.1.28-1.cm1.x86_64 +openssh-clients-8.9p1-3.cm1.x86_64 +libcomps-0.1.11-4.cm1.x86_64 +file-5.38-1.cm1.x86_64 +procps-ng-3.3.15-3.cm1.x86_64 +rpm-4.14.2-15.cm1.x86_64 +zstd-1.4.9-1.cm1.x86_64 +rpm-devel-4.14.2-15.cm1.x86_64 +wget-1.21.2-1.cm1.x86_64 +bridge-utils-1.6-4.cm1.x86_64 +iputils-20180629-5.cm1.x86_64 +tzdata-2023c-1.cm1.noarch +nettle-3.7.3-1.cm1.x86_64 +ca-certificates-base-20200720-31.cm1.noarch +gzip-1.12-1.cm1.x86_64 +net-tools-1.60-14.cm1.x86_64 +tar-1.32-2.cm1.x86_64 +libaio-0.3.112-3.cm1.x86_64 +libuv-1.38.0-2.cm1.x86_64 +tdnf-cli-libs-2.1.0-8.cm1.x86_64 +dnf-data-4.10.0-1.cm1.noarch +npth-1.6-3.cm1.x86_64 +gpgme-1.13.1-6.cm1.x86_64 +python3-gpg-1.13.1-6.cm1.x86_64 +mpfr-4.0.1-3.cm1.x86_64 +audit-libs-3.0-20.cm1.x86_64 
+libsemanage-3.2-1.cm1.x86_64 +sudo-1.9.13p3-1.cm1.x86_64 +chrony-3.5.1-5.cm1.x86_64 +libmodulemd-2.13.0-1.cm1.x86_64 +python3-libdnf-0.65.0-1.cm1.x86_64 +python3-dnf-4.10.0-1.cm1.noarch +python3-dnf-plugins-core-4.0.22-3.cm1.x86_64 +dnf-utils-4.0.22-3.cm1.x86_64 +dracut-049-5.cm1.x86_64 +python3-markupsafe-1.1.1-1.cm1.x86_64 +python3-idna-2.7-4.cm1.noarch +python3-jinja2-2.11.3-1.cm1.noarch +python3-configobj-5.0.6-6.cm1.noarch +python3-netifaces-0.10.9-3.cm1.x86_64 +python3-prettytable-0.7.2-8.cm1.noarch +dhcp-client-4.4.2-3.cm1.x86_64 +python3-jsonpatch-1.23-4.cm1.noarch +python3-chardet-3.0.4-5.cm1.noarch +python3-asn1crypto-0.24.0-3.cm1.noarch +python3-pycparser-2.18-3.cm1.noarch +python3-pyparsing-2.2.0-7.cm1.noarch +python3-cryptography-3.3.2-2.cm1.x86_64 +python3-requests-2.22.0-3.cm1.noarch +cloud-init-azure-kvp-21.4-4.cm1.noarch +cloud-utils-growpart-0.32-3.cm1.noarch +hypervvssd-5.10.189.1-1.cm1.x86_64 +hypervfcopyd-5.10.189.1-1.cm1.x86_64 +libnl3-3.4.0-6.cm1.x86_64 +netplan-0.95-1.cm1.x86_64 +openssh-server-8.9p1-3.cm1.x86_64 +python-xml-2.7.18-14.cm1.x86_64 +libestr-0.1.10-5.cm1.x86_64 +autogen-libopts-5.18.16-5.cm1.x86_64 +libltdl-2.4.6-8.cm1.x86_64 +guile-2.0.14-3.cm1.x86_64 +librelp-1.2.17-7.cm1.x86_64 +openssh-8.9p1-3.cm1.x86_64 +gpg-pubkey-3135ce90-5e6fda74 +inotify-tools-3.14-2.cm1.x86_64 +fuse-2.9.7-7.cm1.x86_64 +check-restart-1.0.0-2.cm1.x86_64 +libmnl-1.0.4-5.cm1.x86_64 +libnetfilter_conntrack-1.0.7-4.cm1.x86_64 +libnetfilter_cthelper-1.0.0-4.cm1.x86_64 +conntrack-tools-1.4.5-6.cm1.x86_64 +ebtables-legacy-2.0.11-6.cm1.x86_64 +perl-5.30.3-3.cm1.x86_64 +utf8proc-2.2.0-3.cm1.x86_64 +perl-DBI-1.641-3.cm1.x86_64 +python2-2.7.18-14.cm1.x86_64 +apr-util-1.6.3-1.cm1.x86_64 +subversion-1.14.0-5.cm1.x86_64 +git-2.33.8-1.cm1.x86_64 +mariner-release-1.0-66.cm1.noarch +ipset-7.1-2.cm1.x86_64 +glibc-2.28-24.cm1.x86_64 +jq-1.5-6.cm1.x86_64 +pcre-libs-8.44-2.cm1.x86_64 +libtirpc-1.1.4-5.cm1.x86_64 +zlib-1.2.12-2.cm1.x86_64 +libpcap-1.9.1-2.cm1.x86_64 
+ncurses-libs-6.4-1.cm1.x86_64 +rpcbind-1.2.5-3.cm1.x86_64 +bzip2-libs-1.0.6-15.cm1.x86_64 +libevent-2.1.8-3.cm1.x86_64 +libcap-2.26-3.cm1.x86_64 +nfs-utils-2.3.3-8.cm1.x86_64 +libselinux-3.2-1.cm1.x86_64 +psmisc-23.2-4.cm1.x86_64 +grep-3.1-5.cm1.x86_64 +sysstat-12.3.3-2.cm1.x86_64 +libsepol-3.2-2.cm1.x86_64 +zip-3.0-5.cm1.x86_64 +kmod-25-4.cm1.x86_64 +libseccomp-2.4.1-2.cm1.x86_64 +shim-15.4-2.cm1.x86_64 +apparmor-parser-2.13-12.cm1.x86_64 +popt-1.16-7.cm1.x86_64 +moby-containerd-1.6.6+azure-10.cm1.x86_64 +newt-0.52.21-1.cm1.x86_64 +clang-libs-8.0.1-5.cm1.x86_64 +ca-certificates-shared-20200720-31.cm1.noarch +clang-8.0.1-5.cm1.x86_64 +p11-kit-0.23.22-1.cm1.x86_64 +bcc-0.12.0-1.cm1.x86_64 +p11-kit-trust-0.23.22-1.cm1.x86_64 +python3-bcc-0.12.0-1.cm1.x86_64 +ca-certificates-20200720-31.cm1.noarch +bcc-examples-0.12.0-1.cm1.x86_64 +elfutils-libelf-0.176-4.cm1.x86_64 +libgcrypt-1.8.7-3.cm1.x86_64 +glib-2.58.0-10.cm1.x86_64 +pam-1.5.1-2.cm1.x86_64 +json-c-0.14-3.cm1.x86_64 +device-mapper-libs-2.03.05-6.cm1.x86_64 +systemd-239-44.cm1.x86_64 +logrotate-3.20.0-1.cm1.x86_64 +zstd-libs-1.4.9-1.cm1.x86_64 +sqlite-libs-3.34.1-2.cm1.x86_64 +ncurses-6.4-1.cm1.x86_64 +lua-5.3.5-9.cm1.x86_64 +util-linux-2.32.1-7.cm1.x86_64 +libxml2-2.9.14-3.cm1.x86_64 +krb5-1.18.4-3.cm1.x86_64 +libassuan-2.5.1-3.cm1.x86_64 +zchunk-libs-1.1.5-2.cm1.x86_64 +curl-libs-7.88.1-2.cm1.x86_64 +cracklib-dicts-2.9.7-3.cm1.x86_64 +gdbm-1.18-3.cm1.x86_64 +python3-libs-3.7.16-1.cm1.x86_64 +mariner-rpm-macros-1.0-8.cm1.noarch +nss-libs-3.73-1.cm1.x86_64 +libsolv-0.7.20-1.cm1.x86_64 +device-mapper-event-libs-2.03.05-6.cm1.x86_64 +device-mapper-event-2.03.05-6.cm1.x86_64 +iptables-1.8.3-6.cm1.x86_64 +python3-dateutil-2.7.3-4.cm1.noarch +python3-curses-3.7.16-1.cm1.x86_64 +cryptsetup-2.3.7-1.cm1.x86_64 +pinentry-1.1.0-3.cm1.x86_64 +mariner-repos-1.0-16.cm1.noarch +openldap-2.4.57-3.cm1.x86_64 +e2fsprogs-1.44.6-4.cm1.x86_64 +python3-libcomps-0.1.11-4.cm1.x86_64 +libedit-3.1.20180525-5.cm1.x86_64 
+libarchive-3.6.1-2.cm1.x86_64 +iproute-4.18.0-5.cm1.x86_64 +zstd-devel-1.4.9-1.cm1.x86_64 +python3-rpm-4.14.2-15.cm1.x86_64 +bc-1.07.1-4.cm1.x86_64 +cpio-2.13-3.cm1.x86_64 +irqbalance-1.6.0-4.cm1.x86_64 +which-2.21-7.cm1.x86_64 +bzip2-1.0.6-15.cm1.x86_64 +findutils-4.6.0-8.cm1.x86_64 +libtool-2.4.6-8.cm1.x86_64 +sed-4.5-3.cm1.x86_64 +vim-9.0.1562-1.cm1.x86_64 +lvm2-2.03.05-6.cm1.x86_64 +bind-utils-9.16.37-2.cm1.x86_64 +tdnf-2.1.0-8.cm1.x86_64 +libksba-1.3.5-5.cm1.x86_64 +gnupg2-2.2.20-4.cm1.x86_64 +librepo-1.14.2-1.cm1.x86_64 +tdnf-plugin-repogpgcheck-2.1.0-8.cm1.x86_64 +gawk-4.2.1-4.cm1.x86_64 +audit-3.0-20.cm1.x86_64 +shadow-utils-4.9-8.cm1.x86_64 +core-packages-container-0.1-27.cm1.x86_64 +libyaml-0.2.1-3.cm1.x86_64 +libdnf-0.65.0-1.cm1.x86_64 +python3-hawkey-0.65.0-1.cm1.x86_64 +dnf-4.10.0-1.cm1.noarch +dnf-plugins-core-4.0.22-3.cm1.x86_64 +core-packages-base-image-0.1-27.cm1.x86_64 +initramfs-2.0-8.cm1.x86_64 +python3-xml-3.7.16-1.cm1.x86_64 +python3-setuptools-3.7.16-1.cm1.noarch +python3-PyYAML-3.13-5.cm1.x86_64 +python3-jsonschema-2.6.0-5.cm1.noarch +python3-oauthlib-2.1.0-4.cm1.noarch +dhcp-libs-4.4.2-3.cm1.x86_64 +python3-jsonpointer-2.0-3.cm1.noarch +python3-certifi-2018.10.15-5.cm1.noarch +python3-urllib3-1.25.9-2.cm1.noarch +python3-pyasn1-0.4.4-3.cm1.noarch +python3-cffi-1.14.5-1.cm1.x86_64 +python3-packaging-17.1-6.cm1.noarch +python3-pyOpenSSL-18.0.0-6.cm1.noarch +cloud-init-21.4-4.cm1.noarch +gptfdisk-1.0.4-4.cm1.x86_64 +hyperv-daemons-license-5.10.189.1-1.cm1.noarch +hypervkvpd-5.10.189.1-1.cm1.x86_64 +hyperv-daemons-5.10.189.1-1.cm1.x86_64 +wpa_supplicant-2.10-1.cm1.x86_64 +ncurses-term-6.4-1.cm1.x86_64 +python2-libs-2.7.18-14.cm1.x86_64 +gc-8.0.0-3.cm1.x86_64 +libfastjson-0.99.8-4.cm1.x86_64 +glibc-iconv-2.28-24.cm1.x86_64 +libunistring-0.9.10-4.cm1.x86_64 +gnutls-3.6.14-9.cm1.x86_64 +rsyslog-8.37.0-8.cm1.x86_64 +WALinuxAgent-2.2.54.2-4.cm1.noarch +gpg-pubkey-be1229cf-5631588c +boost-1.66.0-4.cm1.x86_64 +blobfuse-1.3.6-14.cm1.x86_64 
+cifs-utils-6.8-6.cm1.x86_64 +libnfnetlink-1.0.1-4.cm1.x86_64 +libnetfilter_queue-1.0.3-4.cm1.x86_64 +libnetfilter_cttimeout-1.0.0-4.cm1.x86_64 +dnf-automatic-4.10.0-1.cm1.noarch +ethtool-5.0-2.cm1.x86_64 +apr-1.6.5-6.cm1.x86_64 +perl-CGI-4.40-2.cm1.noarch +perl-YAML-1.26-4.cm1.noarch +nss-3.73-1.cm1.x86_64 +libserf-1.3.9-6.cm1.x86_64 +subversion-perl-1.14.0-5.cm1.x86_64 +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +devtmpfs 3.4G 0 3.4G 0% /dev +tmpfs 3.4G 0 3.4G 0% /dev/shm +tmpfs 3.4G 636K 3.4G 1% /run +tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup +/dev/sda3 30G 20G 8.4G 70% / +tmpfs 3.4G 4.0K 3.4G 1% /tmp +/dev/sda2 459M 31M 399M 8% /boot +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 681M 0 681M 0% /run/user/1000 +Using kernel: +Linux version 5.10.189.1-1.cm1 (root@CBL-Mariner) (gcc (GCC) 9.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP Fri Aug 11 06:01:48 UTC 2023 +Install completed successfully on Tue Aug 22 16:49:53 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: +Hyperv generation: V1 +Feature flags: None +Container runtime: containerd +FIPS enabled: false +=== os-release Begin +NAME="Common Base Linux Mariner" +VERSION="1.0.20230811" +ID=mariner +VERSION_ID="1.0" +PRETTY_NAME="CBL-Mariner/Linux" +ANSI_COLOR="1;34" +HOME_URL="https://aka.ms/cbl-mariner" +BUG_REPORT_URL="https://aka.ms/cbl-mariner" +SUPPORT_URL="https://aka.ms/cbl-mariner" +=== os-release End diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-image-list.json b/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-image-list.json index 4d8b3cb4b72..7635008949c 100644 --- a/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-image-list.json 
@@ -1,6 +1,6 @@ { "sku": "V1", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ 
@@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ 
diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-trivy-images-table.txt index 030c20a20c7..fe6f0ec0167 100644 --- a/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-trivy-report.json index 453b0ae54da..b3905c34619 100644 --- a/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvm3bxuoaltco", + "ArtifactName": "pkrvm2jccj1qjne", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvm3bxuoaltco (cbl-mariner 1.0.20230811)", + "Target": "pkrvm2jccj1qjne (cbl-mariner 1.0.20230811)", "Class": "os-pkgs", "Type": "cbl-mariner", "Vulnerabilities": [ 
@@ -1698,7 +1698,9 @@
 "https://linux.oracle.com/cve/CVE-2023-27561.html",
 "https://linux.oracle.com/errata/ELSA-2023-12579.html",
 "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/",
 "https://nvd.nist.gov/vuln/detail/CVE-2023-27561",
@@ -1707,7 +1709,7 @@
 "https://www.cve.org/CVERecord?id=CVE-2023-27561"
 ],
 "PublishedDate": "2023-03-03T19:15:00Z",
- "LastModifiedDate": "2023-04-21T04:15:00Z"
+ "LastModifiedDate": "2023-08-16T03:15:00Z"
 },
 {
 "VulnerabilityID": "CVE-2022-41723",
@@ -1857,7 +1859,9 @@
 "https://linux.oracle.com/cve/CVE-2023-27561.html",
 "https://linux.oracle.com/errata/ELSA-2023-12579.html",
 "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/",
 "https://nvd.nist.gov/vuln/detail/CVE-2023-27561",
@@ -1866,7 +1870,7 @@
 "https://www.cve.org/CVERecord?id=CVE-2023-27561"
 ],
 "PublishedDate": "2023-03-03T19:15:00Z",
- "LastModifiedDate": "2023-04-21T04:15:00Z"
+ "LastModifiedDate": "2023-08-16T03:15:00Z"
 },
 {
 "VulnerabilityID": "CVE-2022-41723",
@@ -2016,7 +2020,9 @@
 "https://linux.oracle.com/cve/CVE-2023-27561.html",
 "https://linux.oracle.com/errata/ELSA-2023-12579.html",
 "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/",
 "https://nvd.nist.gov/vuln/detail/CVE-2023-27561",
@@ -2025,7 +2031,7 @@
 "https://www.cve.org/CVERecord?id=CVE-2023-27561"
 ],
 "PublishedDate": "2023-03-03T19:15:00Z",
- "LastModifiedDate": "2023-04-21T04:15:00Z"
+ "LastModifiedDate": "2023-08-16T03:15:00Z"
 },
 {
 "VulnerabilityID": "CVE-2022-41723",
@@ -2175,7 +2181,9 @@
 "https://linux.oracle.com/cve/CVE-2023-27561.html",
 "https://linux.oracle.com/errata/ELSA-2023-12579.html",
 "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/",
 "https://nvd.nist.gov/vuln/detail/CVE-2023-27561",
@@ -2184,7 +2192,7 @@
 "https://www.cve.org/CVERecord?id=CVE-2023-27561"
 ],
 "PublishedDate": "2023-03-03T19:15:00Z",
- "LastModifiedDate": "2023-04-21T04:15:00Z"
+ "LastModifiedDate": "2023-08-16T03:15:00Z"
 }
 ]
 },
@@ -2337,7 +2345,9 @@
 "https://linux.oracle.com/cve/CVE-2023-27561.html",
 "https://linux.oracle.com/errata/ELSA-2023-12579.html",
 "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/",
 "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/",
 "https://nvd.nist.gov/vuln/detail/CVE-2023-27561",
@@ -2346,7 +2356,7 @@
 "https://www.cve.org/CVERecord?id=CVE-2023-27561"
 ],
 "PublishedDate": "2023-03-03T19:15:00Z",
- "LastModifiedDate": "2023-04-21T04:15:00Z"
+ "LastModifiedDate": "2023-08-16T03:15:00Z"
 }
 ]
 },
diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest.txt b/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest.txt
index 886c8600f4f..e57e9a7cd78 100644
--- a/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest.txt
+++ b/vhdbuilder/release-notes/AKSCBLMariner/gen1/latest.txt
@@ -1,4 +1,4 @@
-Starting build on Wed Aug 16 17:07:57 UTC 2023
+Starting build on Tue Aug 22 16:26:19 UTC 2023
 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed):
 - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0
 - [installed] containerd v1.7.1-1
@@ -26,7 +26,7 @@ containerd images pre-pulled:
 - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110
 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4
 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1
- - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11
+ - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12
 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2
 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896
 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e
@@ -65,11 +65,12 @@ containerd images pre-pulled:
 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6
 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1
 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2
- - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4
 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5
- - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2
+ - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6
 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4
+ - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5
 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1
+ - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2
 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5
 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3
 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4
@@ -129,15 +130,15 @@ kubelet/kubectl downloaded:
 -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11
 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6
 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6
--r-xr--r-- 1 root root 2462 Aug 16 17:07 /usr/local/bin/health-monitor.sh
--rwxr-xr-x 1 root root 705 Aug 16 17:07 /usr/local/bin/ci-syslog-watcher.sh
--rwxr-xr-x 1 root root 36014944 Aug 16 17:10 /usr/local/bin/containerd-shim-spin-v0-3-0-v1
--rwxr-xr-x 1 root root 47622592 Aug 16 17:10 /usr/local/bin/containerd-shim-slight-v0-3-0-v1
--rwxr-xr-x 1 root root 45334640 Aug 16 17:12 /usr/local/bin/containerd-shim-spin-v0-5-1-v1
--rwxr-xr-x 1 root root 52232184 Aug 16 17:12 /usr/local/bin/containerd-shim-slight-v0-5-1-v1
--rwxr-xr-x 1 root root 53775024 Aug 16 17:15 /usr/local/bin/containerd-shim-spin-v0-8-0-v1
--rwxr-xr-x 1 root root 60175432 Aug 16 17:15 /usr/local/bin/containerd-shim-slight-v0-8-0-v1
--rwxr-xr-x 1 root root 39369104 Aug 16 17:15 /usr/local/bin/containerd-shim-wws-v0-8-0-v1
+-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh
+-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh
+-rwxr-xr-x 1 root root 36014944 Aug 22 16:29 /usr/local/bin/containerd-shim-spin-v0-3-0-v1
+-rwxr-xr-x 1 root root 47622592 Aug 22 16:29 /usr/local/bin/containerd-shim-slight-v0-3-0-v1
+-rwxr-xr-x 1 root root 45334640 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-5-1-v1
+-rwxr-xr-x 1 root root 52232184 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-5-1-v1
+-rwxr-xr-x 1 root root 53775024 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-8-0-v1
+-rwxr-xr-x 1 root root 60175432 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-8-0-v1
+-rwxr-xr-x 1 root root 39369104 Aug 22 16:34 /usr/local/bin/containerd-shim-wws-v0-8-0-v1
 === Installed Packages Begin
 iotop-0.6-7.cm1.noarch
 filesystem-1.1-7.cm1.x86_64
@@ -436,19 +437,19 @@ Disk usage: Filesystem Size Used Avail Use% Mounted on devtmpfs 3.4G 0 3.4G 0% /dev tmpfs 3.4G 0 3.4G 0% /dev/shm -tmpfs 3.4G 632K 3.4G 1% /run +tmpfs 3.4G 636K 3.4G 1% /run tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup -/dev/sda3 30G 20G 8.6G 70% / +/dev/sda3 30G 20G 8.4G 70% / tmpfs 3.4G 4.0K 3.4G 1% /tmp /dev/sda2 459M 31M 399M 8% /boot /dev/sdb1 14G 28K 13G 1% /mnt tmpfs 681M 0 681M 0% /run/user/1000 Using kernel: Linux version 5.10.189.1-1.cm1 (root@CBL-Mariner) (gcc (GCC) 9.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP Fri Aug 11 06:01:48 UTC 2023 -Install completed successfully on Wed Aug 16 17:29:29 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 16:49:53 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: Hyperv generation: V1 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0-image-list.json new file mode 100644 index 00000000000..e90565fd277 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0-image-list.json 
@@ -0,0 +1,817 @@ +{ + "sku": "V1gen2", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + 
"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..fe6f0ec0167 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2003 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator 
(gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0-trivy-report.json new file mode 100644 index 00000000000..29964c725e2 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0-trivy-report.json 
@@ -0,0 +1,2417 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvm4h4ru9b6o2", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "cbl-mariner", + "Name": "1.0.20230811" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvm4h4ru9b6o2 (cbl-mariner 1.0.20230811)", + "Class": "os-pkgs", + "Type": "cbl-mariner", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2021-20294", + "PkgName": "binutils", + "InstalledVersion": "2.32-5.cm1", + "FixedVersion": "2.36.1-1.cm1", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20294", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "stack buffer overflow WRITE may lead to a DoS via a crafted ELF", + "Description": "A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. 
The highest impact of this flaw is to confidentiality, integrity, and availability.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-20294", + "https://bugzilla.redhat.com/show_bug.cgi?id=1943533", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2021-20294", + "https://security.gentoo.org/glsa/202208-30", + "https://sourceware.org/bugzilla/show_bug.cgi?id=26929", + "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=372dd157272e0674d13372655cc60eaca9c06926", + "https://www.cve.org/CVERecord?id=CVE-2021-20294" + ], + "PublishedDate": "2021-04-29T16:15:00Z", + "LastModifiedDate": "2022-11-16T03:23:00Z" + }, + { + "VulnerabilityID": "CVE-2021-45078", + "PkgName": "binutils", + "InstalledVersion": "2.32-5.cm1", + "FixedVersion": "2.36.1-2.cm1", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-45078", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "out-of-bounds write in stab_xcoff_builtin_type() in stabs.c", + "Description": "stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. 
NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-45078", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45078", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-45078", + "https://security.gentoo.org/glsa/202208-30", + "https://security.netapp.com/advisory/ntap-20220107-0002/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28694", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02", + "https://ubuntu.com/security/notices/USN-5341-1", + "https://ubuntu.com/security/notices/USN-6160-1", + "https://www.cve.org/CVERecord?id=CVE-2021-45078" + ], + "PublishedDate": "2021-12-15T20:15:00Z", + "LastModifiedDate": "2022-09-28T19:54:00Z" + } + ] + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. 
Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + 
"DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": 
"opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": 
"HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": 
"23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. 
When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0.txt b/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0.txt new file mode 100644 index 00000000000..e27dd0257c7 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen2/202308.22.0.txt 
@@ -0,0 +1,469 @@ +Starting build on Tue Aug 22 16:26:45 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.5 + - bpftrace v0.11.4 + - nvidia-driver=-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + 
- mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + 
- mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 
/usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:29 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:29 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:34 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +=== Installed Packages Begin +iotop-0.6-7.cm1.noarch +filesystem-1.1-7.cm1.x86_64 +oniguruma-6.9.5-2.cm1.x86_64 +libgcc-9.1.0-7.cm1.x86_64 +kernel-devel-5.10.189.1-1.cm1.x86_64 +libstdc++-9.1.0-7.cm1.x86_64 +lsof-4.93.2-3.cm1.x86_64 +xz-libs-5.2.4-3.cm1.x86_64 +nmap-ncat-7.90-4.cm1.x86_64 +readline-7.0-4.cm1.x86_64 +libnfsidmap-2.3.3-8.cm1.x86_64 +pcre-8.44-2.cm1.x86_64 +keyutils-1.5.10-3.cm1.x86_64 +gmp-6.1.2-6.cm1.x86_64 +pigz-2.6-1.cm1.x86_64 +coreutils-8.30-12.cm1.x86_64 +socat-1.7.3.4-2.cm1.x86_64 +bash-4.4.23-1.cm1.x86_64 +traceroute-2.1.0-5.cm1.x86_64 +xz-5.2.4-3.cm1.x86_64 +libapparmor-2.13-12.cm1.x86_64 +kernel-5.10.189.1-1.cm1.x86_64 +moby-runc-1.1.5+azure-2.cm1.x86_64 +grub2-efi-binary-2.06~rc1-10.cm1.x86_64 +libcgroup-0.41-24.cm1.x86_64 +slang-2.3.2-3.cm1.x86_64 +llvm-8.0.1-5.cm1.x86_64 +chkconfig-1.11-2.cm1.x86_64 
+libstdc++-devel-9.1.0-7.cm1.x86_64 +libffi-3.2.1-12.cm1.x86_64 +binutils-2.32-5.cm1.x86_64 +libtasn1-4.14-4.cm1.x86_64 +bpftrace-0.11.4-1.cm1.x86_64 +ca-certificates-tools-20200720-31.cm1.noarch +bcc-tools-0.12.0-1.cm1.x86_64 +util-linux-libs-2.32.1-7.cm1.x86_64 +libgpg-error-1.32-4.cm1.x86_64 +elfutils-0.176-4.cm1.x86_64 +cracklib-2.9.7-3.cm1.x86_64 +lz4-1.9.2-2.cm1.x86_64 +openssl-libs-1.1.1k-16.cm1.x86_64 +cryptsetup-libs-2.3.7-1.cm1.x86_64 +cronie-1.5.2-5.cm1.x86_64 +openssl-1.1.1k-16.cm1.x86_64 +libdb-5.3.28-6.cm1.x86_64 +expat-libs-2.5.0-1.cm1.x86_64 +pkg-config-0.29.2-4.cm1.x86_64 +expat-2.5.0-1.cm1.x86_64 +file-libs-5.38-1.cm1.x86_64 +e2fsprogs-libs-1.44.6-4.cm1.x86_64 +mariner-repos-shared-1.0-16.cm1.noarch +dbus-1.13.6-6.cm1.x86_64 +libssh2-1.9.0-1.cm1.x86_64 +curl-7.88.1-2.cm1.x86_64 +libpwquality-1.4.2-7.cm1.x86_64 +python3-3.7.16-1.cm1.x86_64 +iana-etc-2.30-5.cm1.noarch +nspr-4.33-1.cm1.x86_64 +rpm-libs-4.14.2-15.cm1.x86_64 +device-mapper-2.03.05-6.cm1.x86_64 +libcap-ng-0.7.9-3.cm1.x86_64 +rpm-build-libs-4.14.2-15.cm1.x86_64 +python3-six-1.11.0-5.cm1.noarch +python3-distro-1.6.0-2.cm1.noarch +python3-dbus-1.2.16-7.cm1.x86_64 +zchunk-1.1.5-2.cm1.x86_64 +mariner-repos-microsoft-1.0-16.cm1.noarch +cyrus-sasl-2.1.28-1.cm1.x86_64 +openssh-clients-8.9p1-3.cm1.x86_64 +libcomps-0.1.11-4.cm1.x86_64 +file-5.38-1.cm1.x86_64 +procps-ng-3.3.15-3.cm1.x86_64 +rpm-4.14.2-15.cm1.x86_64 +zstd-1.4.9-1.cm1.x86_64 +rpm-devel-4.14.2-15.cm1.x86_64 +wget-1.21.2-1.cm1.x86_64 +bridge-utils-1.6-4.cm1.x86_64 +iputils-20180629-5.cm1.x86_64 +tzdata-2023c-1.cm1.noarch +nettle-3.7.3-1.cm1.x86_64 +ca-certificates-base-20200720-31.cm1.noarch +gzip-1.12-1.cm1.x86_64 +net-tools-1.60-14.cm1.x86_64 +tar-1.32-2.cm1.x86_64 +libaio-0.3.112-3.cm1.x86_64 +libuv-1.38.0-2.cm1.x86_64 +tdnf-cli-libs-2.1.0-8.cm1.x86_64 +dnf-data-4.10.0-1.cm1.noarch +npth-1.6-3.cm1.x86_64 +gpgme-1.13.1-6.cm1.x86_64 +python3-gpg-1.13.1-6.cm1.x86_64 +mpfr-4.0.1-3.cm1.x86_64 +audit-libs-3.0-20.cm1.x86_64 
+libsemanage-3.2-1.cm1.x86_64 +sudo-1.9.13p3-1.cm1.x86_64 +chrony-3.5.1-5.cm1.x86_64 +libmodulemd-2.13.0-1.cm1.x86_64 +python3-libdnf-0.65.0-1.cm1.x86_64 +python3-dnf-4.10.0-1.cm1.noarch +python3-dnf-plugins-core-4.0.22-3.cm1.x86_64 +dnf-utils-4.0.22-3.cm1.x86_64 +dracut-049-5.cm1.x86_64 +python3-markupsafe-1.1.1-1.cm1.x86_64 +python3-idna-2.7-4.cm1.noarch +python3-jinja2-2.11.3-1.cm1.noarch +python3-configobj-5.0.6-6.cm1.noarch +python3-netifaces-0.10.9-3.cm1.x86_64 +python3-prettytable-0.7.2-8.cm1.noarch +dhcp-client-4.4.2-3.cm1.x86_64 +python3-jsonpatch-1.23-4.cm1.noarch +python3-chardet-3.0.4-5.cm1.noarch +python3-asn1crypto-0.24.0-3.cm1.noarch +python3-pycparser-2.18-3.cm1.noarch +python3-pyparsing-2.2.0-7.cm1.noarch +python3-cryptography-3.3.2-2.cm1.x86_64 +python3-requests-2.22.0-3.cm1.noarch +cloud-init-azure-kvp-21.4-4.cm1.noarch +cloud-utils-growpart-0.32-3.cm1.noarch +hypervvssd-5.10.189.1-1.cm1.x86_64 +hypervfcopyd-5.10.189.1-1.cm1.x86_64 +libnl3-3.4.0-6.cm1.x86_64 +netplan-0.95-1.cm1.x86_64 +openssh-server-8.9p1-3.cm1.x86_64 +python-xml-2.7.18-14.cm1.x86_64 +libestr-0.1.10-5.cm1.x86_64 +autogen-libopts-5.18.16-5.cm1.x86_64 +libltdl-2.4.6-8.cm1.x86_64 +guile-2.0.14-3.cm1.x86_64 +librelp-1.2.17-7.cm1.x86_64 +openssh-8.9p1-3.cm1.x86_64 +gpg-pubkey-3135ce90-5e6fda74 +inotify-tools-3.14-2.cm1.x86_64 +fuse-2.9.7-7.cm1.x86_64 +check-restart-1.0.0-2.cm1.x86_64 +libmnl-1.0.4-5.cm1.x86_64 +libnetfilter_conntrack-1.0.7-4.cm1.x86_64 +libnetfilter_cthelper-1.0.0-4.cm1.x86_64 +conntrack-tools-1.4.5-6.cm1.x86_64 +ebtables-legacy-2.0.11-6.cm1.x86_64 +perl-5.30.3-3.cm1.x86_64 +utf8proc-2.2.0-3.cm1.x86_64 +perl-DBI-1.641-3.cm1.x86_64 +python2-2.7.18-14.cm1.x86_64 +apr-util-1.6.3-1.cm1.x86_64 +subversion-1.14.0-5.cm1.x86_64 +git-2.33.8-1.cm1.x86_64 +mariner-release-1.0-66.cm1.noarch +ipset-7.1-2.cm1.x86_64 +glibc-2.28-24.cm1.x86_64 +jq-1.5-6.cm1.x86_64 +pcre-libs-8.44-2.cm1.x86_64 +libtirpc-1.1.4-5.cm1.x86_64 +zlib-1.2.12-2.cm1.x86_64 +libpcap-1.9.1-2.cm1.x86_64 
+ncurses-libs-6.4-1.cm1.x86_64 +rpcbind-1.2.5-3.cm1.x86_64 +bzip2-libs-1.0.6-15.cm1.x86_64 +libevent-2.1.8-3.cm1.x86_64 +libcap-2.26-3.cm1.x86_64 +nfs-utils-2.3.3-8.cm1.x86_64 +libselinux-3.2-1.cm1.x86_64 +psmisc-23.2-4.cm1.x86_64 +grep-3.1-5.cm1.x86_64 +sysstat-12.3.3-2.cm1.x86_64 +libsepol-3.2-2.cm1.x86_64 +zip-3.0-5.cm1.x86_64 +kmod-25-4.cm1.x86_64 +libseccomp-2.4.1-2.cm1.x86_64 +shim-15.4-2.cm1.x86_64 +apparmor-parser-2.13-12.cm1.x86_64 +popt-1.16-7.cm1.x86_64 +moby-containerd-1.6.6+azure-10.cm1.x86_64 +newt-0.52.21-1.cm1.x86_64 +clang-libs-8.0.1-5.cm1.x86_64 +ca-certificates-shared-20200720-31.cm1.noarch +clang-8.0.1-5.cm1.x86_64 +p11-kit-0.23.22-1.cm1.x86_64 +bcc-0.12.0-1.cm1.x86_64 +p11-kit-trust-0.23.22-1.cm1.x86_64 +python3-bcc-0.12.0-1.cm1.x86_64 +ca-certificates-20200720-31.cm1.noarch +bcc-examples-0.12.0-1.cm1.x86_64 +elfutils-libelf-0.176-4.cm1.x86_64 +libgcrypt-1.8.7-3.cm1.x86_64 +glib-2.58.0-10.cm1.x86_64 +pam-1.5.1-2.cm1.x86_64 +json-c-0.14-3.cm1.x86_64 +device-mapper-libs-2.03.05-6.cm1.x86_64 +systemd-239-44.cm1.x86_64 +logrotate-3.20.0-1.cm1.x86_64 +zstd-libs-1.4.9-1.cm1.x86_64 +sqlite-libs-3.34.1-2.cm1.x86_64 +ncurses-6.4-1.cm1.x86_64 +lua-5.3.5-9.cm1.x86_64 +util-linux-2.32.1-7.cm1.x86_64 +libxml2-2.9.14-3.cm1.x86_64 +krb5-1.18.4-3.cm1.x86_64 +libassuan-2.5.1-3.cm1.x86_64 +zchunk-libs-1.1.5-2.cm1.x86_64 +curl-libs-7.88.1-2.cm1.x86_64 +cracklib-dicts-2.9.7-3.cm1.x86_64 +gdbm-1.18-3.cm1.x86_64 +python3-libs-3.7.16-1.cm1.x86_64 +mariner-rpm-macros-1.0-8.cm1.noarch +nss-libs-3.73-1.cm1.x86_64 +libsolv-0.7.20-1.cm1.x86_64 +device-mapper-event-libs-2.03.05-6.cm1.x86_64 +device-mapper-event-2.03.05-6.cm1.x86_64 +iptables-1.8.3-6.cm1.x86_64 +python3-dateutil-2.7.3-4.cm1.noarch +python3-curses-3.7.16-1.cm1.x86_64 +cryptsetup-2.3.7-1.cm1.x86_64 +pinentry-1.1.0-3.cm1.x86_64 +mariner-repos-1.0-16.cm1.noarch +openldap-2.4.57-3.cm1.x86_64 +e2fsprogs-1.44.6-4.cm1.x86_64 +python3-libcomps-0.1.11-4.cm1.x86_64 +libedit-3.1.20180525-5.cm1.x86_64 
+libarchive-3.6.1-2.cm1.x86_64 +iproute-4.18.0-5.cm1.x86_64 +zstd-devel-1.4.9-1.cm1.x86_64 +python3-rpm-4.14.2-15.cm1.x86_64 +bc-1.07.1-4.cm1.x86_64 +cpio-2.13-3.cm1.x86_64 +irqbalance-1.6.0-4.cm1.x86_64 +which-2.21-7.cm1.x86_64 +bzip2-1.0.6-15.cm1.x86_64 +findutils-4.6.0-8.cm1.x86_64 +libtool-2.4.6-8.cm1.x86_64 +sed-4.5-3.cm1.x86_64 +vim-9.0.1562-1.cm1.x86_64 +lvm2-2.03.05-6.cm1.x86_64 +bind-utils-9.16.37-2.cm1.x86_64 +tdnf-2.1.0-8.cm1.x86_64 +libksba-1.3.5-5.cm1.x86_64 +gnupg2-2.2.20-4.cm1.x86_64 +librepo-1.14.2-1.cm1.x86_64 +tdnf-plugin-repogpgcheck-2.1.0-8.cm1.x86_64 +gawk-4.2.1-4.cm1.x86_64 +audit-3.0-20.cm1.x86_64 +shadow-utils-4.9-8.cm1.x86_64 +core-packages-container-0.1-27.cm1.x86_64 +libyaml-0.2.1-3.cm1.x86_64 +libdnf-0.65.0-1.cm1.x86_64 +python3-hawkey-0.65.0-1.cm1.x86_64 +dnf-4.10.0-1.cm1.noarch +dnf-plugins-core-4.0.22-3.cm1.x86_64 +core-packages-base-image-0.1-27.cm1.x86_64 +initramfs-2.0-8.cm1.x86_64 +python3-xml-3.7.16-1.cm1.x86_64 +python3-setuptools-3.7.16-1.cm1.noarch +python3-PyYAML-3.13-5.cm1.x86_64 +python3-jsonschema-2.6.0-5.cm1.noarch +python3-oauthlib-2.1.0-4.cm1.noarch +dhcp-libs-4.4.2-3.cm1.x86_64 +python3-jsonpointer-2.0-3.cm1.noarch +python3-certifi-2018.10.15-5.cm1.noarch +python3-urllib3-1.25.9-2.cm1.noarch +python3-pyasn1-0.4.4-3.cm1.noarch +python3-cffi-1.14.5-1.cm1.x86_64 +python3-packaging-17.1-6.cm1.noarch +python3-pyOpenSSL-18.0.0-6.cm1.noarch +cloud-init-21.4-4.cm1.noarch +gptfdisk-1.0.4-4.cm1.x86_64 +hyperv-daemons-license-5.10.189.1-1.cm1.noarch +hypervkvpd-5.10.189.1-1.cm1.x86_64 +hyperv-daemons-5.10.189.1-1.cm1.x86_64 +wpa_supplicant-2.10-1.cm1.x86_64 +ncurses-term-6.4-1.cm1.x86_64 +python2-libs-2.7.18-14.cm1.x86_64 +gc-8.0.0-3.cm1.x86_64 +libfastjson-0.99.8-4.cm1.x86_64 +glibc-iconv-2.28-24.cm1.x86_64 +libunistring-0.9.10-4.cm1.x86_64 +gnutls-3.6.14-9.cm1.x86_64 +rsyslog-8.37.0-8.cm1.x86_64 +WALinuxAgent-2.2.54.2-4.cm1.noarch +gpg-pubkey-be1229cf-5631588c +boost-1.66.0-4.cm1.x86_64 +blobfuse-1.3.6-14.cm1.x86_64 
+cifs-utils-6.8-6.cm1.x86_64 +libnfnetlink-1.0.1-4.cm1.x86_64 +libnetfilter_queue-1.0.3-4.cm1.x86_64 +libnetfilter_cttimeout-1.0.0-4.cm1.x86_64 +dnf-automatic-4.10.0-1.cm1.noarch +ethtool-5.0-2.cm1.x86_64 +apr-1.6.5-6.cm1.x86_64 +perl-CGI-4.40-2.cm1.noarch +perl-YAML-1.26-4.cm1.noarch +nss-3.73-1.cm1.x86_64 +libserf-1.3.9-6.cm1.x86_64 +subversion-perl-1.14.0-5.cm1.x86_64 +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +devtmpfs 3.4G 0 3.4G 0% /dev +tmpfs 3.4G 0 3.4G 0% /dev/shm +tmpfs 3.4G 516K 3.4G 1% /run +tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup +/dev/sda3 30G 20G 8.4G 70% / +tmpfs 3.4G 4.0K 3.4G 1% /tmp +/dev/sda2 459M 27M 403M 7% /boot +/dev/sda1 8.0M 2.3M 5.8M 28% /boot/efi +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 681M 0 681M 0% /run/user/1000 +Using kernel: +Linux version 5.10.189.1-1.cm1 (root@CBL-Mariner) (gcc (GCC) 9.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP Fri Aug 11 06:01:48 UTC 2023 +Install completed successfully on Tue Aug 22 16:49:51 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: false +=== os-release Begin +NAME="Common Base Linux Mariner" +VERSION="1.0.20230811" +ID=mariner +VERSION_ID="1.0" +PRETTY_NAME="CBL-Mariner/Linux" +ANSI_COLOR="1;34" +HOME_URL="https://aka.ms/cbl-mariner" +BUG_REPORT_URL="https://aka.ms/cbl-mariner" +SUPPORT_URL="https://aka.ms/cbl-mariner" +=== os-release End diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-image-list.json b/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-image-list.json index 6ebd9fffe72..e90565fd277 100644 --- a/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-image-list.json 
@@ -1,6 +1,6 @@ { "sku": "V1gen2", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ 
@@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ 
diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-trivy-images-table.txt index 030c20a20c7..fe6f0ec0167 100644 --- a/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-trivy-report.json index 3cb83fbb5e3..29964c725e2 100644 --- a/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmv5h5y6dyag", + "ArtifactName": "pkrvm4h4ru9b6o2", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmv5h5y6dyag (cbl-mariner 1.0.20230811)", + "Target": "pkrvm4h4ru9b6o2 (cbl-mariner 1.0.20230811)", "Class": "os-pkgs", "Type": "cbl-mariner", "Vulnerabilities": [ 
@@ -1698,7 +1698,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1707,7 +1709,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1857,7 +1859,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1866,7 +1870,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2016,7 +2020,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2025,7 +2031,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2175,7 +2181,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2184,7 +2192,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2337,7 +2345,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2346,7 +2356,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest.txt b/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest.txt index 771a00ee26a..e27dd0257c7 100644 --- a/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest.txt +++ b/vhdbuilder/release-notes/AKSCBLMariner/gen2/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:48 UTC 2023 +Starting build on Tue Aug 22 16:26:45 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -129,15 +130,15 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:11 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:11 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:13 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:13 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:16 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:16 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:16 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:29 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:29 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:34 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 === Installed Packages Begin iotop-0.6-7.cm1.noarch filesystem-1.1-7.cm1.x86_64 
@@ -438,7 +439,7 @@ devtmpfs 3.4G 0 3.4G 0% /dev tmpfs 3.4G 0 3.4G 0% /dev/shm tmpfs 3.4G 516K 3.4G 1% /run tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup -/dev/sda3 30G 20G 8.6G 70% / +/dev/sda3 30G 20G 8.4G 70% / tmpfs 3.4G 4.0K 3.4G 1% /tmp /dev/sda2 459M 27M 403M 7% /boot /dev/sda1 8.0M 2.3M 5.8M 28% /boot/efi @@ -446,10 +447,10 @@ tmpfs 3.4G 4.0K 3.4G 1% /tmp tmpfs 681M 0 681M 0% /run/user/1000 Using kernel: Linux version 5.10.189.1-1.cm1 (root@CBL-Mariner) (gcc (GCC) 9.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP Fri Aug 11 06:01:48 UTC 2023 -Install completed successfully on Wed Aug 16 17:32:05 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 16:49:51 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: Hyperv generation: V2 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0-image-list.json new file mode 100644 index 00000000000..dc85905ed52 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0-image-list.json 
@@ -0,0 +1,817 @@ +{ + "sku": "V2fips", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + 
"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..fe6f0ec0167 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2003 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator 
(gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0-trivy-report.json new file mode 100644 index 00000000000..41b48862a04 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0-trivy-report.json 
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmy1h4jja95d", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "cbl-mariner", + "Name": "2.0.20230811" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmy1h4jja95d (cbl-mariner 2.0.20230811)", + "Class": "os-pkgs", + "Type": "cbl-mariner" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0.txt new file mode 100644 index 00000000000..b4d75536ac4 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/202308.22.0.txt 
@@ -0,0 +1,701 @@ +Starting build on Tue Aug 22 16:26:20 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.5 + - bpftrace v0.16.0 + - nvidia-driver=-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + 
- mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + 
- mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 
/usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:29 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:29 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:32 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:32 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:34 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +=== Installed Packages Begin +filesystem-1.1-15.cm2.x86_64 +glibc-2.35-4.cm2.x86_64 +libgcc-11.2.0-4.cm2.x86_64 +pcre-libs-8.45-2.cm2.x86_64 +libstdc++-11.2.0-4.cm2.x86_64 +zlib-1.2.13-1.cm2.x86_64 +xz-libs-5.2.5-1.cm2.x86_64 +ncurses-libs-6.4-1.cm2.x86_64 +readline-8.1-1.cm2.x86_64 +libcap-2.60-2.cm2.x86_64 +bzip2-libs-1.0.8-1.cm2.x86_64 +pcre-8.45-2.cm2.x86_64 +gmp-6.2.1-3.cm2.x86_64 +libselinux-3.2-1.cm2.x86_64 +coreutils-8.32-6.cm2.x86_64 +grep-3.7-2.cm2.x86_64 +bash-5.1.8-3.cm2.x86_64 +libsepol-3.2-2.cm2.x86_64 +xz-5.2.5-1.cm2.x86_64 +kmod-29-1.cm2.x86_64 +kernel-5.15.125.1-2.cm2.x86_64 +mariner-release-2.0-48.cm2.noarch +shim-15.4-2.cm2.x86_64 +grub2-efi-binary-2.06-10.cm2.x86_64 +popt-1.18-1.cm2.x86_64 +slang-2.3.2-4.cm2.x86_64 +newt-0.52.21-4.cm2.x86_64 +chkconfig-1.20-3.cm2.x86_64 +ca-certificates-shared-2.0.0-13.cm2.noarch 
+libffi-3.4.2-2.cm2.x86_64 +p11-kit-0.24.1-1.cm2.x86_64 +libtasn1-4.19.0-1.cm2.x86_64 +p11-kit-trust-0.24.1-1.cm2.x86_64 +ca-certificates-tools-2.0.0-13.cm2.noarch +ca-certificates-2.0.0-13.cm2.noarch +util-linux-libs-2.37.4-6.cm2.x86_64 +libgpg-error-1.46-1.cm2.x86_64 +openssl-libs-1.1.1k-24.cm2.x86_64 +libgcrypt-1.9.4-1.cm2.x86_64 +glib-2.71.0-1.cm2.x86_64 +lz4-1.9.3-1.cm2.x86_64 +systemd-rpm-macros-250.3-17.cm2.noarch +libcap-ng-0.8.2-2.cm2.x86_64 +audit-libs-3.0.6-7.cm2.x86_64 +json-c-0.15-1.cm2.x86_64 +cracklib-2.9.7-5.cm2.x86_64 +cracklib-dicts-2.9.7-5.cm2.x86_64 +pam-1.5.1-5.cm2.x86_64 +cryptsetup-libs-2.4.3-3.cm2.x86_64 +systemd-250.3-17.cm2.x86_64 +device-mapper-libs-2.03.15-2.cm2.x86_64 +cronie-1.5.7-2.cm2.x86_64 +cronie-anacron-1.5.7-2.cm2.x86_64 +logrotate-3.20.1-1.cm2.x86_64 +openssl-1.1.1k-24.cm2.x86_64 +sqlite-libs-3.39.2-2.cm2.x86_64 +expat-libs-2.5.0-1.cm2.x86_64 +zstd-libs-1.5.0-1.cm2.x86_64 +elfutils-libelf-0.186-1.cm2.x86_64 +e2fsprogs-libs-1.46.5-3.cm2.x86_64 +krb5-1.19.4-1.cm2.x86_64 +libassuan-2.5.5-2.cm2.x86_64 +expat-2.5.0-1.cm2.x86_64 +libssh2-1.9.0-2.cm2.x86_64 +iana-etc-20211115-2.cm2.noarch +libpwquality-1.4.4-1.cm2.x86_64 +file-libs-5.40-2.cm2.x86_64 +device-mapper-2.03.15-2.cm2.x86_64 +device-mapper-event-libs-2.03.15-2.cm2.x86_64 +ncurses-6.4-1.cm2.x86_64 +lmdb-libs-0.9.29-1.cm2.x86_64 +lua-libs-5.4.4-1.cm2.x86_64 +rpm-libs-4.18.0-3.cm2.x86_64 +libsolv-0.7.24-1.cm2.x86_64 +libedit-3.1.20210910-1.cm2.x86_64 +procps-ng-3.3.17-1.cm2.x86_64 +device-mapper-event-2.03.15-2.cm2.x86_64 +util-linux-2.37.4-6.cm2.x86_64 +file-5.40-2.cm2.x86_64 +cryptsetup-2.4.3-3.cm2.x86_64 +iptables-1.8.7-3.cm2.x86_64 +dbus-1.15.2-3.cm2.x86_64 +pinentry-1.2.0-1.cm2.x86_64 +openssh-clients-8.9p1-1.cm2.x86_64 +e2fsprogs-1.46.5-3.cm2.x86_64 +libarchive-3.6.1-2.cm2.x86_64 +rpm-4.18.0-3.cm2.x86_64 +bc-1.07.1-4.cm2.x86_64 +bridge-utils-1.7.1-1.cm2.x86_64 +cpio-2.13-4.cm2.x86_64 +gdbm-1.21-1.cm2.x86_64 +iputils-20211215-1.cm2.x86_64 +irqbalance-1.8.0-2.cm2.x86_64 
+libtool-2.4.6-8.cm2.x86_64 +mariner-rpm-macros-2.0-23.cm2.noarch +net-tools-2.10-2.cm2.x86_64 +tar-1.34-1.cm2.x86_64 +tzdata-2023c-1.cm2.noarch +which-2.21-8.cm2.x86_64 +libseccomp-2.5.3-1.cm2.x86_64 +nettle-3.7.3-2.cm2.x86_64 +bzip2-1.0.8-1.cm2.x86_64 +ca-certificates-base-2.0.0-13.cm2.noarch +findutils-4.8.0-4.cm2.x86_64 +gzip-1.12-1.cm2.x86_64 +sed-4.8-2.cm2.x86_64 +libmnl-1.0.4-6.cm2.x86_64 +iproute-5.15.0-2.cm2.x86_64 +libaio-0.3.112-4.cm2.x86_64 +lvm2-2.03.15-2.cm2.x86_64 +pkgconf-m4-1.8.0-3.cm2.noarch +libsemanage-3.2-2.cm2.x86_64 +shadow-utils-4.9-12.cm2.x86_64 +tdnf-cli-libs-3.5.2-2.cm2.x86_64 +libpkgconf-1.8.0-3.cm2.x86_64 +pkgconf-1.8.0-3.cm2.x86_64 +pkgconf-pkg-config-1.8.0-3.cm2.x86_64 +bind-license-9.16.33-2.cm2.noarch +libuv-1.43.0-1.cm2.x86_64 +libxml2-2.10.4-1.cm2.x86_64 +bind-libs-9.16.33-2.cm2.x86_64 +bind-utils-9.16.33-2.cm2.x86_64 +chrony-4.1-2.cm2.x86_64 +nghttp2-1.46.0-3.cm2.x86_64 +curl-libs-8.2.1-1.cm2.x86_64 +tdnf-3.5.2-2.cm2.x86_64 +curl-8.2.1-1.cm2.x86_64 +libdb-5.3.28-7.cm2.x86_64 +cyrus-sasl-lib-2.1.28-4.cm2.x86_64 +openldap-2.4.57-8.cm2.x86_64 +sudo-1.9.13p3-2.cm2.x86_64 +libksba-1.6.3-1.cm2.x86_64 +npth-1.6-4.cm2.x86_64 +gnupg2-2.4.0-2.cm2.x86_64 +gpgme-1.16.0-1.cm2.x86_64 +mariner-repos-shared-2.0-8.cm2.noarch +mariner-repos-microsoft-2.0-8.cm2.noarch +mariner-repos-extras-2.0-8.cm2.noarch +mariner-repos-2.0-8.cm2.noarch +tdnf-plugin-repogpgcheck-3.5.2-2.cm2.x86_64 +core-packages-container-2.0-8.cm2.x86_64 +core-packages-base-image-2.0-8.cm2.x86_64 +dracut-055-5.cm2.x86_64 +initramfs-2.0-13.cm2.x86_64 +python3-3.9.14-6.cm2.x86_64 +python3-libs-3.9.14-6.cm2.x86_64 +zchunk-libs-1.1.16-2.cm2.x86_64 +zchunk-1.1.16-2.cm2.x86_64 +librepo-1.15.1-1.cm2.x86_64 +python3-curses-3.9.14-6.cm2.x86_64 +python3-gpg-1.16.0-1.cm2.x86_64 +dnf-data-4.8.0-2.cm2.noarch +libcomps-0.1.18-1.cm2.x86_64 +python3-libcomps-0.1.18-1.cm2.x86_64 +elfutils-default-yama-scope-0.186-1.cm2.noarch +libgomp-11.2.0-4.cm2.x86_64 +popt-devel-1.18-1.cm2.x86_64 
+libyaml-0.2.5-3.cm2.x86_64 +libmodulemd-2.13.0-2.cm2.x86_64 +libdnf-0.63.1-1.cm2.x86_64 +python3-libdnf-0.63.1-1.cm2.x86_64 +python3-hawkey-0.63.1-1.cm2.x86_64 +elfutils-libelf-devel-0.186-1.cm2.x86_64 +xz-devel-5.2.5-1.cm2.x86_64 +zlib-devel-1.2.13-1.cm2.x86_64 +zstd-1.5.0-1.cm2.x86_64 +zstd-devel-1.5.0-1.cm2.x86_64 +elfutils-0.186-1.cm2.x86_64 +elfutils-devel-0.186-1.cm2.x86_64 +rpm-build-libs-4.18.0-3.cm2.x86_64 +rpm-devel-4.18.0-3.cm2.x86_64 +python3-rpm-4.18.0-3.cm2.x86_64 +python3-dnf-4.8.0-2.cm2.noarch +dnf-4.8.0-2.cm2.noarch +wget-1.21.2-1.cm2.x86_64 +python3-six-1.16.0-2.cm2.noarch +python3-markupsafe-2.1.0-1.cm2.x86_64 +python3-idna-3.3-1.cm2.noarch +python3-jinja2-3.0.3-2.cm2.noarch +python3-configobj-5.0.6-7.cm2.noarch +PyYAML-3.13-8.cm2.x86_64 +python3-jsonschema-2.6.0-6.cm2.noarch +python3-netifaces-0.11.0-1.cm2.x86_64 +python3-oauthlib-2.1.0-7.cm2.noarch +python3-setuptools-3.9.14-6.cm2.noarch +dhcp-libs-4.4.2-5.cm2.x86_64 +dhcp-client-4.4.2-5.cm2.x86_64 +python3-jsonpointer-2.2-1.cm2.noarch +python3-jsonpatch-1.32-1.cm2.noarch +python3-wcwidth-0.2.5-1.cm2.noarch +python3-prettytable-3.2.0-2.cm2.noarch +python3-certifi-2023.05.07-1.cm2.noarch +python3-charset-normalizer-2.0.11-2.cm2.noarch +python3-urllib3-1.26.9-1.cm2.noarch +python3-asn1crypto-1.5.1-1.cm2.noarch +python3-pyasn1-0.4.8-1.cm2.noarch +python3-pycparser-2.21-1.cm2.noarch +python3-cffi-1.15.0-2.cm2.x86_64 +python3-pyparsing-3.0.7-1.cm2.noarch +python3-packaging-21.3-1.cm2.noarch +python3-cryptography-3.3.2-4.cm2.x86_64 +python3-pyOpenSSL-18.0.0-8.cm2.noarch +python3-requests-2.27.1-6.cm2.noarch +cloud-init-23.2-1.cm2.noarch +cloud-init-azure-kvp-23.2-1.cm2.noarch +gptfdisk-1.0.8-1.cm2.x86_64 +mpfr-4.1.0-1.cm2.x86_64 +gawk-5.1.0-2.cm2.x86_64 +cloud-utils-growpart-0.32-3.cm2.noarch +grub2-2.06-10.cm2.x86_64 +installkernel-1.0.0-2.cm2.noarch +grubby-8.40-45.cm2.x86_64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +hypervvssd-5.15.125.1-1.cm2.x86_64 +hypervkvpd-5.15.125.1-1.cm2.x86_64 
+hypervfcopyd-5.15.125.1-1.cm2.x86_64 +hyperv-daemons-5.15.125.1-1.cm2.x86_64 +lzo-2.10-4.cm2.x86_64 +squashfs-tools-4.5.1-1.cm2.x86_64 +ethtool-5.16-1.cm2.x86_64 +snappy-1.1.9-2.cm2.x86_64 +kexec-tools-2.0.23-2.cm2.x86_64 +libnl3-3.5.0-3.cm2.x86_64 +wpa_supplicant-2.10-1.cm2.x86_64 +netplan-0.95-1.cm2.x86_64 +ncurses-term-6.4-1.cm2.x86_64 +openssh-server-8.9p1-1.cm2.x86_64 +libestr-0.1.11-1.cm2.x86_64 +libfastjson-0.99.9-1.cm2.x86_64 +gc-8.0.0-4.cm2.x86_64 +libmpc-1.2.1-1.cm2.x86_64 +libstdc++-devel-11.2.0-4.cm2.x86_64 +liblognorm-2.0.6-2.cm2.x86_64 +postgresql-libs-14.8-1.cm2.x86_64 +autogen-libopts-5.18.16-8.cm2.x86_64 +cyrus-sasl-2.1.28-4.cm2.x86_64 +librdkafka1-1.8.2-1.cm2.x86_64 +glibc-iconv-2.35-4.cm2.x86_64 +libltdl-2.4.6-8.cm2.x86_64 +libunistring-0.9.10-5.cm2.x86_64 +guile-2.0.14-4.cm2.x86_64 +gnutls-3.7.7-2.cm2.x86_64 +librelp-1.10.0-1.cm2.x86_64 +make-4.3-2.cm2.x86_64 +libgcc-atomic-11.2.0-4.cm2.x86_64 +libgcc-devel-11.2.0-4.cm2.x86_64 +libgomp-devel-11.2.0-4.cm2.x86_64 +gcc-c++-11.2.0-4.cm2.x86_64 +gcc-11.2.0-4.cm2.x86_64 +perl-vmsish-1.04-488.cm2.noarch +perl-version-0.99.28-488.cm2.noarch +perl-subs-1.04-488.cm2.noarch +perl-ph-5.34.1-488.cm2.x86_64 +perl-perlfaq-5.20210411-488.cm2.noarch +perl-parent-0.238-488.cm2.noarch +perl-mro-1.25-488.cm2.x86_64 +perl-meta-notation-5.34.1-488.cm2.noarch +perl-less-0.03-488.cm2.noarch +perl-if-0.60.900-488.cm2.noarch +perl-filetest-1.03-488.cm2.noarch +perl-ExtUtils-MM-Utils-7.44-488.cm2.noarch +perl-Devel-PPPort-3.62-488.cm2.x86_64 +perl-vars-1.05-488.cm2.noarch +perl-sort-2.04-488.cm2.noarch +perl-overloading-0.02-488.cm2.noarch +perl-lib-0.65-488.cm2.x86_64 +perl-experimental-0.024-488.cm2.noarch +perl-encoding-warnings-0.13-488.cm2.noarch +perl-deprecate-0.04-488.cm2.noarch +perl-constant-1.33-488.cm2.noarch +perl-base-2.27-488.cm2.noarch +perl-autouse-1.11-488.cm2.noarch +perl-Tie-Memoize-1.1-488.cm2.noarch +perl-Env-1.05-488.cm2.noarch +perl-Tie-4.6-488.cm2.noarch +perl-Term-ReadLine-1.17-488.cm2.noarch 
+perl-Term-Cap-1.17-488.cm2.noarch +perl-Module-Loaded-0.08-488.cm2.noarch +perl-CPAN-Meta-Requirements-2.140-488.cm2.noarch +perl-AutoLoader-5.74-488.cm2.noarch +perl-Attribute-Handlers-1.01-488.cm2.noarch +perl-Unicode-Normalize-1.28-488.cm2.x86_64 +perl-Time-Local-1.300-488.cm2.noarch +perl-Time-HiRes-1.9767-488.cm2.x86_64 +perl-Text-Tabs+Wrap-2013.0523-488.cm2.noarch +perl-File-DosGlob-1.12-488.cm2.x86_64 +perl-Text-ParseWords-3.30-488.cm2.noarch +perl-Text-Abbrev-1.02-488.cm2.noarch +perl-Term-Complete-1.403-488.cm2.noarch +perl-Term-ANSIColor-5.01-488.cm2.noarch +perl-sigtrap-1.09-488.cm2.noarch +perl-SelectSaver-1.02-488.cm2.noarch +perl-DirHandle-1.05-488.cm2.noarch +perl-Symbol-1.09-488.cm2.noarch +perl-Socket-2.031-488.cm2.x86_64 +perl-Search-Dict-1.07-488.cm2.noarch +perl-threads-shared-1.62-488.cm2.x86_64 +perl-Thread-3.05-488.cm2.noarch +perl-threads-2.26-488.cm2.x86_64 +perl-Text-Balanced-2.04-488.cm2.noarch +perl-NEXT-0.68-488.cm2.noarch +perl-overload-1.33-488.cm2.noarch +perl-Time-Piece-1.3401-488.cm2.x86_64 +perl-Tie-RefHash-1.40-488.cm2.noarch +perl-Thread-Semaphore-2.13-488.cm2.noarch +perl-Thread-Queue-3.14-488.cm2.noarch +perl-Module-CoreList-5.20220313-488.cm2.noarch +perl-Scalar-List-Utils-1.55-488.cm2.x86_64 +perl-Pod-Functions-1.13-488.cm2.noarch +perl-Pod-Escapes-1.07-488.cm2.noarch +perl-Perl-OSType-1.010-488.cm2.noarch +perl-Opcode-1.50-488.cm2.x86_64 +perl-Math-Complex-1.59-488.cm2.noarch +perl-bignum-0.51-488.cm2.noarch +perl-Math-BigRat-0.2614-488.cm2.noarch +perl-Math-BigInt-FastCalc-0.500.900-488.cm2.x86_64 +perl-Math-BigInt-1.9998.18-488.cm2.noarch +perl-PerlIO-via-QuotedPrint-0.09-488.cm2.noarch +perl-MIME-Base64-3.16-488.cm2.x86_64 +perl-I18N-Langinfo-0.19-488.cm2.x86_64 +perl-Params-Check-0.38-488.cm2.noarch +perl-Locale-Maketext-Simple-0.21-488.cm2.noarch +perl-Locale-Maketext-1.29-488.cm2.noarch +perl-I18N-LangTags-0.45-488.cm2.noarch +perl-Hash-Util-FieldHash-1.21-488.cm2.x86_64 +perl-fields-2.27-488.cm2.noarch 
+perl-Hash-Util-0.25-488.cm2.x86_64 +perl-Getopt-Std-1.13-488.cm2.noarch +perl-Filter-Simple-0.96-488.cm2.noarch +perl-Filter-1.59-488.cm2.x86_64 +perl-FileCache-1.10-488.cm2.noarch +perl-File-Compare-1.100.600-488.cm2.noarch +perl-File-Basename-2.85-488.cm2.noarch +perl-locale-1.10-488.cm2.noarch +perl-Tie-File-1.06-488.cm2.noarch +perl-Sys-Syslog-0.36-488.cm2.x86_64 +perl-Sys-Hostname-1.23-488.cm2.x86_64 +perl-I18N-Collate-1.02-488.cm2.noarch +perl-POSIX-1.97-488.cm2.x86_64 +perl-Fcntl-1.14-488.cm2.x86_64 +perl-Errno-1.33-488.cm2.x86_64 +perl-English-1.11-488.cm2.noarch +perl-Digest-MD5-2.58-488.cm2.x86_64 +perl-Digest-1.19-488.cm2.noarch +perl-Dumpvalue-2.27-488.cm2.noarch +perl-Devel-Peek-1.30-488.cm2.x86_64 +perl-Config-Perl-V-0.33-488.cm2.noarch +perl-Config-Extensions-0.03-488.cm2.noarch +perl-Compress-Raw-Zlib-2.101-488.cm2.x86_64 +perl-User-pwent-1.03-488.cm2.noarch +perl-Time-1.03-488.cm2.noarch +perl-Net-1.02-488.cm2.noarch +perl-File-stat-1.09-488.cm2.noarch +perl-Class-Struct-0.66-488.cm2.noarch +perl-Benchmark-1.23-488.cm2.noarch +perl-autodie-2.34-488.cm2.noarch +perl-Safe-2.43-488.cm2.noarch +perl-ExtUtils-Constant-0.25-488.cm2.noarch +perl-Data-Dumper-2.179-488.cm2.x86_64 +perl-CPAN-Meta-YAML-0.018-488.cm2.noarch +perl-B-1.82-488.cm2.x86_64 +perl-blib-1.07-488.cm2.noarch +perl-Unicode-Collate-1.29-488.cm2.x86_64 +perl-Module-Load-0.36-488.cm2.noarch +perl-Unicode-UCD-0.75-488.cm2.noarch +perl-Memoize-1.03-488.cm2.noarch +perl-Storable-3.23-488.cm2.x86_64 +perl-SelfLoader-1.26-488.cm2.noarch +perl-IPC-Open3-1.21-488.cm2.noarch +perl-IO-Socket-IP-0.41-488.cm2.noarch +perl-HTTP-Tiny-0.076-488.cm2.noarch +perl-libnet-3.13-488.cm2.noarch +perl-Net-Ping-2.74-488.cm2.noarch +perl-FileHandle-2.03-488.cm2.noarch +perl-IO-1.46-488.cm2.x86_64 +perl-FindBin-1.52-488.cm2.noarch +perl-debugger-1.60-488.cm2.noarch +perl-Test-Simple-1.302183-488.cm2.noarch +perl-Test-1.31-488.cm2.noarch +perl-Compress-Raw-Bzip2-2.101-488.cm2.x86_64 
+perl-File-Temp-0.231.100-488.cm2.noarch +perl-File-Path-2.18-488.cm2.noarch +perl-IPC-Cmd-1.04-488.cm2.noarch +perl-Module-Load-Conditional-0.74-488.cm2.noarch +perl-Module-Metadata-1.000037-488.cm2.noarch +perl-ExtUtils-Command-7.62-488.cm2.noarch +perl-File-Find-1.39-488.cm2.noarch +perl-File-Fetch-1.00-488.cm2.noarch +perl-File-Copy-2.35-488.cm2.noarch +perl-ExtUtils-Manifest-1.73-488.cm2.noarch +perl-Devel-SelfStubber-1.06-488.cm2.noarch +perl-AutoSplit-5.74-488.cm2.noarch +perl-open-1.12-488.cm2.noarch +perl-encoding-3.00-488.cm2.x86_64 +perl-utils-5.34.1-488.cm2.noarch +perl-diagnostics-1.37-488.cm2.noarch +perl-Test-Harness-3.43-488.cm2.noarch +perl-podlators-4.14-488.cm2.noarch +perl-Pod-Simple-3.42-488.cm2.noarch +perl-Pod-Html-1.27-488.cm2.noarch +perl-Pod-Checker-1.74-488.cm2.noarch +perl-Module-CoreList-tools-5.20220313-488.cm2.noarch +perl-ExtUtils-ParseXS-3.43-488.cm2.noarch +perl-Digest-SHA-6.02-488.cm2.x86_64 +perl-Getopt-Long-2.52-488.cm2.noarch +perl-Pod-Usage-2.01-488.cm2.noarch +perl-JSON-PP-4.06-488.cm2.noarch +perl-IO-Zlib-1.11-488.cm2.noarch +perl-Archive-Tar-2.38-488.cm2.noarch +perl-IO-Compress-2.102-488.cm2.noarch +perl-DBM_Filter-0.06-488.cm2.noarch +perl-CPAN-Meta-2.150010-488.cm2.noarch +perl-IPC-SysV-2.09-488.cm2.x86_64 +perl-libnetcfg-5.34.1-488.cm2.noarch +perl-ExtUtils-Miniperl-1.10-488.cm2.noarch +perl-ExtUtils-Embed-1.35-488.cm2.noarch +perl-Encode-devel-3.08-488.cm2.noarch +perl-devel-5.34.1-488.cm2.x86_64 +perl-ExtUtils-Install-2.20-488.cm2.noarch +perl-CPAN-2.28-488.cm2.noarch +perl-ExtUtils-MakeMaker-7.62-488.cm2.noarch +perl-ExtUtils-CBuilder-0.280236-488.cm2.noarch +perl-ODBM_File-1.17-488.cm2.x86_64 +perl-NDBM_File-1.15-488.cm2.x86_64 +perl-GDBM_File-1.19-488.cm2.x86_64 +perl-PathTools-3.80-488.cm2.x86_64 +perl-Exporter-5.76-488.cm2.noarch +perl-Pod-Perldoc-3.28.01-488.cm2.noarch +perl-Encode-3.08-488.cm2.x86_64 +perl-DynaLoader-1.50-488.cm2.x86_64 +perl-Carp-1.52-488.cm2.noarch +perl-5.34.1-488.cm2.x86_64 
+perl-libs-5.34.1-488.cm2.x86_64 +perl-doc-5.34.1-488.cm2.noarch +perl-macros-5.34.1-488.cm2.noarch +perl-interpreter-5.34.1-488.cm2.x86_64 +net-snmp-libs-5.9.1-2.cm2.x86_64 +rsyslog-8.2204.1-3.cm2.x86_64 +sgx-backwards-compatability-1.0.0-1.cm2.x86_64 +openssh-8.9p1-1.cm2.x86_64 +python3-distro-1.6.0-2.cm2.noarch +WALinuxAgent-2.3.1.1-3.cm2.noarch +iw-5.9-1.cm2.x86_64 +wireless-regdb-2022.08.12-1.cm2.noarch +gpg-pubkey-3135ce90-5e6fda74 +gpg-pubkey-be1229cf-5631588c +inotify-tools-3.22.1.0-1.cm2.x86_64 +nspr-4.30-2.cm2.x86_64 +nss-libs-3.75-2.cm2.x86_64 +nss-3.75-2.cm2.x86_64 +libkcapi-1.3.1-2.cm2.x86_64 +libkcapi-hmaccalc-1.3.1-2.cm2.x86_64 +dracut-fips-055-5.cm2.x86_64 +fuse-2.9.7-10.cm2.x86_64 +boost-1.76.0-3.cm2.x86_64 +blobfuse-1.4.5-10.cm2.x86_64 +python3-dbus-1.2.16-3.cm2.x86_64 +python3-dateutil-2.7.3-5.cm2.noarch +python3-dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-utils-4.0.24-3.cm2.noarch +check-restart-1.0.0-2.cm2.x86_64 +keyutils-1.6.1-1.cm2.x86_64 +cifs-utils-6.14-2.cm2.x86_64 +libnfnetlink-1.0.1-5.cm2.x86_64 +libnetfilter_conntrack-1.0.8-1.cm2.x86_64 +libnetfilter_queue-1.0.5-1.cm2.x86_64 +libnetfilter_cttimeout-1.0.0-5.cm2.x86_64 +libnetfilter_cthelper-1.0.0-5.cm2.x86_64 +conntrack-tools-1.4.5-7.cm2.x86_64 +dnf-automatic-4.8.0-2.cm2.noarch +ebtables-legacy-2.0.11-6.cm2.x86_64 +apr-1.7.2-1.cm2.x86_64 +apr-util-1.6.3-1.cm2.x86_64 +utf8proc-2.6.1-2.cm2.x86_64 +libserf-1.3.9-8.cm2.x86_64 +subversion-1.14.2-1.cm2.x86_64 +subversion-perl-1.14.2-1.cm2.x86_64 +perl-YAML-1.30-2.cm2.noarch +perl-DBI-1.643-2.cm2.x86_64 +perl-CGI-4.54-3.cm2.noarch +less-590-2.cm2.x86_64 +git-2.33.8-1.cm2.x86_64 +iotop-0.6-10.cm2.noarch +ipset-7.15-1.cm2.x86_64 +oniguruma-6.9.7.1-1.cm2.x86_64 +jq-1.6-1.cm2.x86_64 +kernel-devel-5.15.125.1-2.cm2.x86_64 +libtirpc-1.3.3-1.cm2.x86_64 +lsof-4.94.0-1.cm2.x86_64 +libpcap-1.10.1-1.cm2.x86_64 +nmap-ncat-7.93-1.cm2.x86_64 +rpcbind-1.2.5-5.cm2.x86_64 +libnfsidmap-2.5.4-2.cm2.x86_64 
+libevent-2.1.12-1.cm2.x86_64 +nfs-utils-2.5.4-2.cm2.x86_64 +pigz-2.6-2.cm2.x86_64 +psmisc-23.4-1.cm2.x86_64 +socat-1.7.4.3-1.cm2.x86_64 +sysstat-12.7.1-2.cm2.x86_64 +traceroute-2.1.0-6.cm2.x86_64 +zip-3.0-5.cm2.x86_64 +libapparmor-3.0.4-1.cm2.x86_64 +apparmor-parser-3.0.4-1.cm2.x86_64 +fuse3-libs-3.10.5-2.cm2.x86_64 +fuse-common-3.10.5-2.cm2.x86_64 +fuse3-3.10.5-2.cm2.x86_64 +blobfuse2-2.0.5-1.cm2.x86_64 +libnftnl-1.2.1-1.cm2.x86_64 +jansson-2.14-1.cm2.x86_64 +nftables-1.0.1-1.cm2.x86_64 +moby-runc-1.1.5-2.cm2.x86_64 +moby-containerd-1.6.18-5.cm2.x86_64 +llvm-12.0.1-7.cm2.x86_64 +binutils-devel-2.37-5.cm2.x86_64 +binutils-2.37-5.cm2.x86_64 +compiler-rt-12.0.1-1.cm2.x86_64 +clang-libs-12.0.1-4.cm2.x86_64 +bcc-0.27.0-1.cm2.x86_64 +clang-12.0.1-4.cm2.x86_64 +libbpf-1.0.1-1.cm2.x86_64 +bpftrace-0.16.0-1.cm2.x86_64 +python3-bcc-0.27.0-1.cm2.x86_64 +bcc-tools-0.27.0-1.cm2.x86_64 +bcc-examples-0.27.0-1.cm2.x86_64 +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +devtmpfs 4.0M 0 4.0M 0% /dev +tmpfs 3.3G 0 3.3G 0% /dev/shm +tmpfs 1.4G 728K 1.4G 1% /run +tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup +/dev/sda3 29G 19G 8.8G 69% / +tmpfs 3.3G 4.0K 3.3G 1% /tmp +/dev/sda2 459M 36M 395M 9% /boot +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 668M 0 668M 0% /run/user/1000 +Using kernel: +Linux version 5.15.125.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Fri Aug 11 02:17:58 UTC 2023 +Install completed successfully on Tue Aug 22 16:49:39 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: +Hyperv generation: V1 +Feature flags: None +Container runtime: containerd +FIPS enabled: True +=== os-release Begin +NAME="Common Base Linux Mariner" +VERSION="2.0.20230811" +ID=mariner +VERSION_ID="2.0" +PRETTY_NAME="CBL-Mariner/Linux" +ANSI_COLOR="1;34" +HOME_URL="https://aka.ms/cbl-mariner" +BUG_REPORT_URL="https://aka.ms/cbl-mariner" 
+SUPPORT_URL="https://aka.ms/cbl-mariner" +=== os-release End diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-image-list.json index 4df492d9668..dc85905ed52 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "V2fips", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ 
@@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ 
@@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-trivy-images-table.txt index 030c20a20c7..fe6f0ec0167 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-trivy-report.json index f7f9ece12c3..41b48862a04 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest-trivy-report.json @@ -1,11 +1,11 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmdwe507ab60", + "ArtifactName": "pkrvmy1h4jja95d", "ArtifactType": "filesystem", "Metadata": { "OS": { "Family": "cbl-mariner", - "Name": "2.0.20230805" + "Name": "2.0.20230811" }, "ImageConfig": { "architecture": "", @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmdwe507ab60 (cbl-mariner 2.0.20230805)", + "Target": "pkrvmy1h4jja95d (cbl-mariner 2.0.20230811)", "Class": "os-pkgs", "Type": "cbl-mariner" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest.txt index 1f02ba6e3ba..b4d75536ac4 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen1fips/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:09:32 UTC 2023 +Starting build on Tue Aug 22 16:26:20 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -129,15 +130,15 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:09 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:09 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:12 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:12 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:14 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:15 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:17 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:17 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:17 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:29 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:29 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:32 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:32 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:34 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 === Installed Packages Begin filesystem-1.1-15.cm2.x86_64 glibc-2.35-4.cm2.x86_64 
@@ -159,8 +160,8 @@ bash-5.1.8-3.cm2.x86_64 libsepol-3.2-2.cm2.x86_64 xz-5.2.5-1.cm2.x86_64 kmod-29-1.cm2.x86_64 -kernel-5.15.122.1-2.cm2.x86_64 -mariner-release-2.0-46.cm2.noarch +kernel-5.15.125.1-2.cm2.x86_64 +mariner-release-2.0-48.cm2.noarch shim-15.4-2.cm2.x86_64 grub2-efi-binary-2.06-10.cm2.x86_64 popt-1.18-1.cm2.x86_64 @@ -263,9 +264,9 @@ bind-libs-9.16.33-2.cm2.x86_64 bind-utils-9.16.33-2.cm2.x86_64 chrony-4.1-2.cm2.x86_64 nghttp2-1.46.0-3.cm2.x86_64 -curl-libs-8.0.1-2.cm2.x86_64 +curl-libs-8.2.1-1.cm2.x86_64 tdnf-3.5.2-2.cm2.x86_64 -curl-8.0.1-2.cm2.x86_64 +curl-8.2.1-1.cm2.x86_64 libdb-5.3.28-7.cm2.x86_64 cyrus-sasl-lib-2.1.28-4.cm2.x86_64 openldap-2.4.57-8.cm2.x86_64 @@ -330,7 +331,7 @@ python3-jsonpointer-2.2-1.cm2.noarch python3-jsonpatch-1.32-1.cm2.noarch python3-wcwidth-0.2.5-1.cm2.noarch python3-prettytable-3.2.0-2.cm2.noarch -python3-certifi-2022.12.07-1.cm2.noarch +python3-certifi-2023.05.07-1.cm2.noarch python3-charset-normalizer-2.0.11-2.cm2.noarch python3-urllib3-1.26.9-1.cm2.noarch python3-asn1crypto-1.5.1-1.cm2.noarch @@ -351,11 +352,11 @@ cloud-utils-growpart-0.32-3.cm2.noarch grub2-2.06-10.cm2.x86_64 installkernel-1.0.0-2.cm2.noarch grubby-8.40-45.cm2.x86_64 -hyperv-daemons-license-5.15.122.1-1.cm2.noarch -hypervvssd-5.15.122.1-1.cm2.x86_64 -hypervkvpd-5.15.122.1-1.cm2.x86_64 -hypervfcopyd-5.15.122.1-1.cm2.x86_64 -hyperv-daemons-5.15.122.1-1.cm2.x86_64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +hypervvssd-5.15.125.1-1.cm2.x86_64 +hypervkvpd-5.15.125.1-1.cm2.x86_64 +hypervfcopyd-5.15.125.1-1.cm2.x86_64 +hyperv-daemons-5.15.125.1-1.cm2.x86_64 lzo-2.10-4.cm2.x86_64 squashfs-tools-4.5.1-1.cm2.x86_64 ethtool-5.16-1.cm2.x86_64 @@ -626,7 +627,7 @@ iotop-0.6-10.cm2.noarch ipset-7.15-1.cm2.x86_64 oniguruma-6.9.7.1-1.cm2.x86_64 jq-1.6-1.cm2.x86_64 -kernel-devel-5.15.122.1-2.cm2.x86_64 +kernel-devel-5.15.125.1-2.cm2.x86_64 libtirpc-1.3.3-1.cm2.x86_64 lsof-4.94.0-1.cm2.x86_64 libpcap-1.10.1-1.cm2.x86_64 
@@ -671,17 +672,17 @@ devtmpfs 4.0M 0 4.0M 0% /dev tmpfs 3.3G 0 3.3G 0% /dev/shm tmpfs 1.4G 728K 1.4G 1% /run tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup -/dev/sda3 29G 19G 9.0G 68% / +/dev/sda3 29G 19G 8.8G 69% / tmpfs 3.3G 4.0K 3.3G 1% /tmp /dev/sda2 459M 36M 395M 9% /boot /dev/sdb1 14G 28K 13G 1% /mnt tmpfs 668M 0 668M 0% /run/user/1000 Using kernel: -Linux version 5.15.122.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Sat Aug 5 04:51:06 UTC 2023 -Install completed successfully on Wed Aug 16 17:32:09 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Linux version 5.15.125.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Fri Aug 11 02:17:58 UTC 2023 +Install completed successfully on Tue Aug 22 16:49:39 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: Hyperv generation: V1 Feature flags: None @@ -689,7 +690,7 @@ Container runtime: containerd FIPS enabled: True === os-release Begin NAME="Common Base Linux Mariner" -VERSION="2.0.20230805" +VERSION="2.0.20230811" ID=mariner VERSION_ID="2.0" PRETTY_NAME="CBL-Mariner/Linux" diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0-image-list.json new file mode 100644 index 00000000000..ff8b45c08ee --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0-image-list.json 
@@ -0,0 +1,817 @@ +{ + "sku": "V2gen2", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + 
"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..fe6f0ec0167 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2003 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator 
(gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0-trivy-report.json new file mode 100644 index 00000000000..2e36b5616ff --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0-trivy-report.json 
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmjy61xqyu6g", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "cbl-mariner", + "Name": "2.0.20230811" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmjy61xqyu6g (cbl-mariner 2.0.20230811)", + "Class": "os-pkgs", + "Type": "cbl-mariner" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0.txt new file mode 100644 index 00000000000..0349d2ef5a6 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/202308.22.0.txt 
@@ -0,0 +1,696 @@ +Starting build on Tue Aug 22 16:25:02 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.5 + - bpftrace v0.16.0 + - nvidia-driver=-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + 
- mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + 
- mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 
/usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:27 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:27 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:30 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:30 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:32 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:32 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:32 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +=== Installed Packages Begin +filesystem-1.1-15.cm2.x86_64 +glibc-2.35-4.cm2.x86_64 +libgcc-11.2.0-4.cm2.x86_64 +pcre-libs-8.45-2.cm2.x86_64 +libstdc++-11.2.0-4.cm2.x86_64 +zlib-1.2.13-1.cm2.x86_64 +xz-libs-5.2.5-1.cm2.x86_64 +ncurses-libs-6.4-1.cm2.x86_64 +readline-8.1-1.cm2.x86_64 +libcap-2.60-2.cm2.x86_64 +bzip2-libs-1.0.8-1.cm2.x86_64 +pcre-8.45-2.cm2.x86_64 +gmp-6.2.1-3.cm2.x86_64 +libselinux-3.2-1.cm2.x86_64 +coreutils-8.32-6.cm2.x86_64 +grep-3.7-2.cm2.x86_64 +bash-5.1.8-3.cm2.x86_64 +libsepol-3.2-2.cm2.x86_64 +xz-5.2.5-1.cm2.x86_64 +kmod-29-1.cm2.x86_64 +kernel-5.15.125.1-2.cm2.x86_64 +mariner-release-2.0-48.cm2.noarch +shim-15.4-2.cm2.x86_64 +grub2-efi-binary-2.06-10.cm2.x86_64 +popt-1.18-1.cm2.x86_64 +slang-2.3.2-4.cm2.x86_64 +newt-0.52.21-4.cm2.x86_64 +chkconfig-1.20-3.cm2.x86_64 +ca-certificates-shared-2.0.0-13.cm2.noarch 
+libffi-3.4.2-2.cm2.x86_64 +p11-kit-0.24.1-1.cm2.x86_64 +libtasn1-4.19.0-1.cm2.x86_64 +p11-kit-trust-0.24.1-1.cm2.x86_64 +ca-certificates-tools-2.0.0-13.cm2.noarch +ca-certificates-2.0.0-13.cm2.noarch +util-linux-libs-2.37.4-6.cm2.x86_64 +libgpg-error-1.46-1.cm2.x86_64 +openssl-libs-1.1.1k-24.cm2.x86_64 +libgcrypt-1.9.4-1.cm2.x86_64 +glib-2.71.0-1.cm2.x86_64 +lz4-1.9.3-1.cm2.x86_64 +systemd-rpm-macros-250.3-17.cm2.noarch +libcap-ng-0.8.2-2.cm2.x86_64 +audit-libs-3.0.6-7.cm2.x86_64 +json-c-0.15-1.cm2.x86_64 +cracklib-2.9.7-5.cm2.x86_64 +cracklib-dicts-2.9.7-5.cm2.x86_64 +pam-1.5.1-5.cm2.x86_64 +cryptsetup-libs-2.4.3-3.cm2.x86_64 +systemd-250.3-17.cm2.x86_64 +device-mapper-libs-2.03.15-2.cm2.x86_64 +cronie-1.5.7-2.cm2.x86_64 +cronie-anacron-1.5.7-2.cm2.x86_64 +logrotate-3.20.1-1.cm2.x86_64 +openssl-1.1.1k-24.cm2.x86_64 +sqlite-libs-3.39.2-2.cm2.x86_64 +expat-libs-2.5.0-1.cm2.x86_64 +zstd-libs-1.5.0-1.cm2.x86_64 +elfutils-libelf-0.186-1.cm2.x86_64 +e2fsprogs-libs-1.46.5-3.cm2.x86_64 +krb5-1.19.4-1.cm2.x86_64 +libassuan-2.5.5-2.cm2.x86_64 +expat-2.5.0-1.cm2.x86_64 +libssh2-1.9.0-2.cm2.x86_64 +iana-etc-20211115-2.cm2.noarch +libpwquality-1.4.4-1.cm2.x86_64 +file-libs-5.40-2.cm2.x86_64 +device-mapper-2.03.15-2.cm2.x86_64 +device-mapper-event-libs-2.03.15-2.cm2.x86_64 +ncurses-6.4-1.cm2.x86_64 +lmdb-libs-0.9.29-1.cm2.x86_64 +lua-libs-5.4.4-1.cm2.x86_64 +rpm-libs-4.18.0-3.cm2.x86_64 +libsolv-0.7.24-1.cm2.x86_64 +libedit-3.1.20210910-1.cm2.x86_64 +procps-ng-3.3.17-1.cm2.x86_64 +device-mapper-event-2.03.15-2.cm2.x86_64 +util-linux-2.37.4-6.cm2.x86_64 +file-5.40-2.cm2.x86_64 +cryptsetup-2.4.3-3.cm2.x86_64 +iptables-1.8.7-3.cm2.x86_64 +dbus-1.15.2-3.cm2.x86_64 +pinentry-1.2.0-1.cm2.x86_64 +openssh-clients-8.9p1-1.cm2.x86_64 +e2fsprogs-1.46.5-3.cm2.x86_64 +libarchive-3.6.1-2.cm2.x86_64 +rpm-4.18.0-3.cm2.x86_64 +bc-1.07.1-4.cm2.x86_64 +bridge-utils-1.7.1-1.cm2.x86_64 +cpio-2.13-4.cm2.x86_64 +gdbm-1.21-1.cm2.x86_64 +iputils-20211215-1.cm2.x86_64 +irqbalance-1.8.0-2.cm2.x86_64 
+libtool-2.4.6-8.cm2.x86_64 +mariner-rpm-macros-2.0-23.cm2.noarch +net-tools-2.10-2.cm2.x86_64 +tar-1.34-1.cm2.x86_64 +tzdata-2023c-1.cm2.noarch +which-2.21-8.cm2.x86_64 +libseccomp-2.5.3-1.cm2.x86_64 +nettle-3.7.3-2.cm2.x86_64 +bzip2-1.0.8-1.cm2.x86_64 +ca-certificates-base-2.0.0-13.cm2.noarch +findutils-4.8.0-4.cm2.x86_64 +gzip-1.12-1.cm2.x86_64 +sed-4.8-2.cm2.x86_64 +libmnl-1.0.4-6.cm2.x86_64 +iproute-5.15.0-2.cm2.x86_64 +libaio-0.3.112-4.cm2.x86_64 +lvm2-2.03.15-2.cm2.x86_64 +pkgconf-m4-1.8.0-3.cm2.noarch +libsemanage-3.2-2.cm2.x86_64 +shadow-utils-4.9-12.cm2.x86_64 +tdnf-cli-libs-3.5.2-2.cm2.x86_64 +libpkgconf-1.8.0-3.cm2.x86_64 +pkgconf-1.8.0-3.cm2.x86_64 +pkgconf-pkg-config-1.8.0-3.cm2.x86_64 +bind-license-9.16.33-2.cm2.noarch +libuv-1.43.0-1.cm2.x86_64 +libxml2-2.10.4-1.cm2.x86_64 +bind-libs-9.16.33-2.cm2.x86_64 +bind-utils-9.16.33-2.cm2.x86_64 +chrony-4.1-2.cm2.x86_64 +nghttp2-1.46.0-3.cm2.x86_64 +curl-libs-8.2.1-1.cm2.x86_64 +tdnf-3.5.2-2.cm2.x86_64 +curl-8.2.1-1.cm2.x86_64 +libdb-5.3.28-7.cm2.x86_64 +cyrus-sasl-lib-2.1.28-4.cm2.x86_64 +openldap-2.4.57-8.cm2.x86_64 +sudo-1.9.13p3-2.cm2.x86_64 +libksba-1.6.3-1.cm2.x86_64 +npth-1.6-4.cm2.x86_64 +gnupg2-2.4.0-2.cm2.x86_64 +gpgme-1.16.0-1.cm2.x86_64 +mariner-repos-shared-2.0-8.cm2.noarch +mariner-repos-microsoft-2.0-8.cm2.noarch +mariner-repos-extras-2.0-8.cm2.noarch +mariner-repos-2.0-8.cm2.noarch +tdnf-plugin-repogpgcheck-3.5.2-2.cm2.x86_64 +core-packages-container-2.0-8.cm2.x86_64 +core-packages-base-image-2.0-8.cm2.x86_64 +dracut-055-5.cm2.x86_64 +initramfs-2.0-13.cm2.x86_64 +python3-3.9.14-6.cm2.x86_64 +python3-libs-3.9.14-6.cm2.x86_64 +zchunk-libs-1.1.16-2.cm2.x86_64 +zchunk-1.1.16-2.cm2.x86_64 +librepo-1.15.1-1.cm2.x86_64 +python3-curses-3.9.14-6.cm2.x86_64 +python3-gpg-1.16.0-1.cm2.x86_64 +dnf-data-4.8.0-2.cm2.noarch +libcomps-0.1.18-1.cm2.x86_64 +python3-libcomps-0.1.18-1.cm2.x86_64 +elfutils-default-yama-scope-0.186-1.cm2.noarch +libgomp-11.2.0-4.cm2.x86_64 +popt-devel-1.18-1.cm2.x86_64 
+libyaml-0.2.5-3.cm2.x86_64 +libmodulemd-2.13.0-2.cm2.x86_64 +libdnf-0.63.1-1.cm2.x86_64 +python3-libdnf-0.63.1-1.cm2.x86_64 +python3-hawkey-0.63.1-1.cm2.x86_64 +elfutils-libelf-devel-0.186-1.cm2.x86_64 +xz-devel-5.2.5-1.cm2.x86_64 +zlib-devel-1.2.13-1.cm2.x86_64 +zstd-1.5.0-1.cm2.x86_64 +zstd-devel-1.5.0-1.cm2.x86_64 +elfutils-0.186-1.cm2.x86_64 +elfutils-devel-0.186-1.cm2.x86_64 +rpm-build-libs-4.18.0-3.cm2.x86_64 +rpm-devel-4.18.0-3.cm2.x86_64 +python3-rpm-4.18.0-3.cm2.x86_64 +python3-dnf-4.8.0-2.cm2.noarch +dnf-4.8.0-2.cm2.noarch +wget-1.21.2-1.cm2.x86_64 +python3-six-1.16.0-2.cm2.noarch +python3-markupsafe-2.1.0-1.cm2.x86_64 +python3-idna-3.3-1.cm2.noarch +python3-jinja2-3.0.3-2.cm2.noarch +python3-configobj-5.0.6-7.cm2.noarch +PyYAML-3.13-8.cm2.x86_64 +python3-jsonschema-2.6.0-6.cm2.noarch +python3-netifaces-0.11.0-1.cm2.x86_64 +python3-oauthlib-2.1.0-7.cm2.noarch +python3-setuptools-3.9.14-6.cm2.noarch +dhcp-libs-4.4.2-5.cm2.x86_64 +dhcp-client-4.4.2-5.cm2.x86_64 +python3-jsonpointer-2.2-1.cm2.noarch +python3-jsonpatch-1.32-1.cm2.noarch +python3-wcwidth-0.2.5-1.cm2.noarch +python3-prettytable-3.2.0-2.cm2.noarch +python3-certifi-2023.05.07-1.cm2.noarch +python3-charset-normalizer-2.0.11-2.cm2.noarch +python3-urllib3-1.26.9-1.cm2.noarch +python3-asn1crypto-1.5.1-1.cm2.noarch +python3-pyasn1-0.4.8-1.cm2.noarch +python3-pycparser-2.21-1.cm2.noarch +python3-cffi-1.15.0-2.cm2.x86_64 +python3-pyparsing-3.0.7-1.cm2.noarch +python3-packaging-21.3-1.cm2.noarch +python3-cryptography-3.3.2-4.cm2.x86_64 +python3-pyOpenSSL-18.0.0-8.cm2.noarch +python3-requests-2.27.1-6.cm2.noarch +cloud-init-23.2-1.cm2.noarch +cloud-init-azure-kvp-23.2-1.cm2.noarch +gptfdisk-1.0.8-1.cm2.x86_64 +mpfr-4.1.0-1.cm2.x86_64 +gawk-5.1.0-2.cm2.x86_64 +cloud-utils-growpart-0.32-3.cm2.noarch +grub2-2.06-10.cm2.x86_64 +installkernel-1.0.0-2.cm2.noarch +grubby-8.40-45.cm2.x86_64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +hypervvssd-5.15.125.1-1.cm2.x86_64 +hypervkvpd-5.15.125.1-1.cm2.x86_64 
+hypervfcopyd-5.15.125.1-1.cm2.x86_64 +hyperv-daemons-5.15.125.1-1.cm2.x86_64 +lzo-2.10-4.cm2.x86_64 +squashfs-tools-4.5.1-1.cm2.x86_64 +ethtool-5.16-1.cm2.x86_64 +snappy-1.1.9-2.cm2.x86_64 +kexec-tools-2.0.23-2.cm2.x86_64 +libnl3-3.5.0-3.cm2.x86_64 +wpa_supplicant-2.10-1.cm2.x86_64 +netplan-0.95-1.cm2.x86_64 +ncurses-term-6.4-1.cm2.x86_64 +openssh-server-8.9p1-1.cm2.x86_64 +libestr-0.1.11-1.cm2.x86_64 +libfastjson-0.99.9-1.cm2.x86_64 +gc-8.0.0-4.cm2.x86_64 +libmpc-1.2.1-1.cm2.x86_64 +libstdc++-devel-11.2.0-4.cm2.x86_64 +liblognorm-2.0.6-2.cm2.x86_64 +postgresql-libs-14.8-1.cm2.x86_64 +autogen-libopts-5.18.16-8.cm2.x86_64 +cyrus-sasl-2.1.28-4.cm2.x86_64 +librdkafka1-1.8.2-1.cm2.x86_64 +glibc-iconv-2.35-4.cm2.x86_64 +libltdl-2.4.6-8.cm2.x86_64 +libunistring-0.9.10-5.cm2.x86_64 +guile-2.0.14-4.cm2.x86_64 +gnutls-3.7.7-2.cm2.x86_64 +librelp-1.10.0-1.cm2.x86_64 +make-4.3-2.cm2.x86_64 +libgcc-atomic-11.2.0-4.cm2.x86_64 +libgcc-devel-11.2.0-4.cm2.x86_64 +libgomp-devel-11.2.0-4.cm2.x86_64 +gcc-c++-11.2.0-4.cm2.x86_64 +gcc-11.2.0-4.cm2.x86_64 +perl-vmsish-1.04-488.cm2.noarch +perl-version-0.99.28-488.cm2.noarch +perl-subs-1.04-488.cm2.noarch +perl-ph-5.34.1-488.cm2.x86_64 +perl-perlfaq-5.20210411-488.cm2.noarch +perl-parent-0.238-488.cm2.noarch +perl-mro-1.25-488.cm2.x86_64 +perl-meta-notation-5.34.1-488.cm2.noarch +perl-less-0.03-488.cm2.noarch +perl-if-0.60.900-488.cm2.noarch +perl-filetest-1.03-488.cm2.noarch +perl-ExtUtils-MM-Utils-7.44-488.cm2.noarch +perl-Devel-PPPort-3.62-488.cm2.x86_64 +perl-vars-1.05-488.cm2.noarch +perl-sort-2.04-488.cm2.noarch +perl-overloading-0.02-488.cm2.noarch +perl-lib-0.65-488.cm2.x86_64 +perl-experimental-0.024-488.cm2.noarch +perl-encoding-warnings-0.13-488.cm2.noarch +perl-deprecate-0.04-488.cm2.noarch +perl-constant-1.33-488.cm2.noarch +perl-base-2.27-488.cm2.noarch +perl-autouse-1.11-488.cm2.noarch +perl-Tie-Memoize-1.1-488.cm2.noarch +perl-Env-1.05-488.cm2.noarch +perl-Tie-4.6-488.cm2.noarch +perl-Term-ReadLine-1.17-488.cm2.noarch 
+perl-Term-Cap-1.17-488.cm2.noarch +perl-Module-Loaded-0.08-488.cm2.noarch +perl-CPAN-Meta-Requirements-2.140-488.cm2.noarch +perl-AutoLoader-5.74-488.cm2.noarch +perl-Attribute-Handlers-1.01-488.cm2.noarch +perl-Unicode-Normalize-1.28-488.cm2.x86_64 +perl-Time-Local-1.300-488.cm2.noarch +perl-Time-HiRes-1.9767-488.cm2.x86_64 +perl-Text-Tabs+Wrap-2013.0523-488.cm2.noarch +perl-File-DosGlob-1.12-488.cm2.x86_64 +perl-Text-ParseWords-3.30-488.cm2.noarch +perl-Text-Abbrev-1.02-488.cm2.noarch +perl-Term-Complete-1.403-488.cm2.noarch +perl-Term-ANSIColor-5.01-488.cm2.noarch +perl-sigtrap-1.09-488.cm2.noarch +perl-SelectSaver-1.02-488.cm2.noarch +perl-DirHandle-1.05-488.cm2.noarch +perl-Symbol-1.09-488.cm2.noarch +perl-Socket-2.031-488.cm2.x86_64 +perl-Search-Dict-1.07-488.cm2.noarch +perl-threads-shared-1.62-488.cm2.x86_64 +perl-Thread-3.05-488.cm2.noarch +perl-threads-2.26-488.cm2.x86_64 +perl-Text-Balanced-2.04-488.cm2.noarch +perl-NEXT-0.68-488.cm2.noarch +perl-overload-1.33-488.cm2.noarch +perl-Time-Piece-1.3401-488.cm2.x86_64 +perl-Tie-RefHash-1.40-488.cm2.noarch +perl-Thread-Semaphore-2.13-488.cm2.noarch +perl-Thread-Queue-3.14-488.cm2.noarch +perl-Module-CoreList-5.20220313-488.cm2.noarch +perl-Scalar-List-Utils-1.55-488.cm2.x86_64 +perl-Pod-Functions-1.13-488.cm2.noarch +perl-Pod-Escapes-1.07-488.cm2.noarch +perl-Perl-OSType-1.010-488.cm2.noarch +perl-Opcode-1.50-488.cm2.x86_64 +perl-Math-Complex-1.59-488.cm2.noarch +perl-bignum-0.51-488.cm2.noarch +perl-Math-BigRat-0.2614-488.cm2.noarch +perl-Math-BigInt-FastCalc-0.500.900-488.cm2.x86_64 +perl-Math-BigInt-1.9998.18-488.cm2.noarch +perl-PerlIO-via-QuotedPrint-0.09-488.cm2.noarch +perl-MIME-Base64-3.16-488.cm2.x86_64 +perl-I18N-Langinfo-0.19-488.cm2.x86_64 +perl-Params-Check-0.38-488.cm2.noarch +perl-Locale-Maketext-Simple-0.21-488.cm2.noarch +perl-Locale-Maketext-1.29-488.cm2.noarch +perl-I18N-LangTags-0.45-488.cm2.noarch +perl-Hash-Util-FieldHash-1.21-488.cm2.x86_64 +perl-fields-2.27-488.cm2.noarch 
+perl-Hash-Util-0.25-488.cm2.x86_64 +perl-Getopt-Std-1.13-488.cm2.noarch +perl-Filter-Simple-0.96-488.cm2.noarch +perl-Filter-1.59-488.cm2.x86_64 +perl-FileCache-1.10-488.cm2.noarch +perl-File-Compare-1.100.600-488.cm2.noarch +perl-File-Basename-2.85-488.cm2.noarch +perl-locale-1.10-488.cm2.noarch +perl-Tie-File-1.06-488.cm2.noarch +perl-Sys-Syslog-0.36-488.cm2.x86_64 +perl-Sys-Hostname-1.23-488.cm2.x86_64 +perl-I18N-Collate-1.02-488.cm2.noarch +perl-POSIX-1.97-488.cm2.x86_64 +perl-Fcntl-1.14-488.cm2.x86_64 +perl-Errno-1.33-488.cm2.x86_64 +perl-English-1.11-488.cm2.noarch +perl-Digest-MD5-2.58-488.cm2.x86_64 +perl-Digest-1.19-488.cm2.noarch +perl-Dumpvalue-2.27-488.cm2.noarch +perl-Devel-Peek-1.30-488.cm2.x86_64 +perl-Config-Perl-V-0.33-488.cm2.noarch +perl-Config-Extensions-0.03-488.cm2.noarch +perl-Compress-Raw-Zlib-2.101-488.cm2.x86_64 +perl-User-pwent-1.03-488.cm2.noarch +perl-Time-1.03-488.cm2.noarch +perl-Net-1.02-488.cm2.noarch +perl-File-stat-1.09-488.cm2.noarch +perl-Class-Struct-0.66-488.cm2.noarch +perl-Benchmark-1.23-488.cm2.noarch +perl-autodie-2.34-488.cm2.noarch +perl-Safe-2.43-488.cm2.noarch +perl-ExtUtils-Constant-0.25-488.cm2.noarch +perl-Data-Dumper-2.179-488.cm2.x86_64 +perl-CPAN-Meta-YAML-0.018-488.cm2.noarch +perl-B-1.82-488.cm2.x86_64 +perl-blib-1.07-488.cm2.noarch +perl-Unicode-Collate-1.29-488.cm2.x86_64 +perl-Module-Load-0.36-488.cm2.noarch +perl-Unicode-UCD-0.75-488.cm2.noarch +perl-Memoize-1.03-488.cm2.noarch +perl-Storable-3.23-488.cm2.x86_64 +perl-SelfLoader-1.26-488.cm2.noarch +perl-IPC-Open3-1.21-488.cm2.noarch +perl-IO-Socket-IP-0.41-488.cm2.noarch +perl-HTTP-Tiny-0.076-488.cm2.noarch +perl-libnet-3.13-488.cm2.noarch +perl-Net-Ping-2.74-488.cm2.noarch +perl-FileHandle-2.03-488.cm2.noarch +perl-IO-1.46-488.cm2.x86_64 +perl-FindBin-1.52-488.cm2.noarch +perl-debugger-1.60-488.cm2.noarch +perl-Test-Simple-1.302183-488.cm2.noarch +perl-Test-1.31-488.cm2.noarch +perl-Compress-Raw-Bzip2-2.101-488.cm2.x86_64 
+perl-File-Temp-0.231.100-488.cm2.noarch +perl-File-Path-2.18-488.cm2.noarch +perl-IPC-Cmd-1.04-488.cm2.noarch +perl-Module-Load-Conditional-0.74-488.cm2.noarch +perl-Module-Metadata-1.000037-488.cm2.noarch +perl-ExtUtils-Command-7.62-488.cm2.noarch +perl-File-Find-1.39-488.cm2.noarch +perl-File-Fetch-1.00-488.cm2.noarch +perl-File-Copy-2.35-488.cm2.noarch +perl-ExtUtils-Manifest-1.73-488.cm2.noarch +perl-Devel-SelfStubber-1.06-488.cm2.noarch +perl-AutoSplit-5.74-488.cm2.noarch +perl-open-1.12-488.cm2.noarch +perl-encoding-3.00-488.cm2.x86_64 +perl-utils-5.34.1-488.cm2.noarch +perl-diagnostics-1.37-488.cm2.noarch +perl-Test-Harness-3.43-488.cm2.noarch +perl-podlators-4.14-488.cm2.noarch +perl-Pod-Simple-3.42-488.cm2.noarch +perl-Pod-Html-1.27-488.cm2.noarch +perl-Pod-Checker-1.74-488.cm2.noarch +perl-Module-CoreList-tools-5.20220313-488.cm2.noarch +perl-ExtUtils-ParseXS-3.43-488.cm2.noarch +perl-Digest-SHA-6.02-488.cm2.x86_64 +perl-Getopt-Long-2.52-488.cm2.noarch +perl-Pod-Usage-2.01-488.cm2.noarch +perl-JSON-PP-4.06-488.cm2.noarch +perl-IO-Zlib-1.11-488.cm2.noarch +perl-Archive-Tar-2.38-488.cm2.noarch +perl-IO-Compress-2.102-488.cm2.noarch +perl-DBM_Filter-0.06-488.cm2.noarch +perl-CPAN-Meta-2.150010-488.cm2.noarch +perl-IPC-SysV-2.09-488.cm2.x86_64 +perl-libnetcfg-5.34.1-488.cm2.noarch +perl-ExtUtils-Miniperl-1.10-488.cm2.noarch +perl-ExtUtils-Embed-1.35-488.cm2.noarch +perl-Encode-devel-3.08-488.cm2.noarch +perl-devel-5.34.1-488.cm2.x86_64 +perl-ExtUtils-Install-2.20-488.cm2.noarch +perl-CPAN-2.28-488.cm2.noarch +perl-ExtUtils-MakeMaker-7.62-488.cm2.noarch +perl-ExtUtils-CBuilder-0.280236-488.cm2.noarch +perl-ODBM_File-1.17-488.cm2.x86_64 +perl-NDBM_File-1.15-488.cm2.x86_64 +perl-GDBM_File-1.19-488.cm2.x86_64 +perl-PathTools-3.80-488.cm2.x86_64 +perl-Exporter-5.76-488.cm2.noarch +perl-Pod-Perldoc-3.28.01-488.cm2.noarch +perl-Encode-3.08-488.cm2.x86_64 +perl-DynaLoader-1.50-488.cm2.x86_64 +perl-Carp-1.52-488.cm2.noarch +perl-5.34.1-488.cm2.x86_64 
+perl-libs-5.34.1-488.cm2.x86_64 +perl-doc-5.34.1-488.cm2.noarch +perl-macros-5.34.1-488.cm2.noarch +perl-interpreter-5.34.1-488.cm2.x86_64 +net-snmp-libs-5.9.1-2.cm2.x86_64 +rsyslog-8.2204.1-3.cm2.x86_64 +sgx-backwards-compatability-1.0.0-1.cm2.x86_64 +openssh-8.9p1-1.cm2.x86_64 +python3-distro-1.6.0-2.cm2.noarch +WALinuxAgent-2.3.1.1-3.cm2.noarch +iw-5.9-1.cm2.x86_64 +wireless-regdb-2022.08.12-1.cm2.noarch +gpg-pubkey-3135ce90-5e6fda74 +gpg-pubkey-be1229cf-5631588c +inotify-tools-3.22.1.0-1.cm2.x86_64 +fuse-2.9.7-10.cm2.x86_64 +boost-1.76.0-3.cm2.x86_64 +blobfuse-1.4.5-10.cm2.x86_64 +python3-dbus-1.2.16-3.cm2.x86_64 +python3-dateutil-2.7.3-5.cm2.noarch +python3-dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-utils-4.0.24-3.cm2.noarch +check-restart-1.0.0-2.cm2.x86_64 +keyutils-1.6.1-1.cm2.x86_64 +cifs-utils-6.14-2.cm2.x86_64 +libnfnetlink-1.0.1-5.cm2.x86_64 +libnetfilter_conntrack-1.0.8-1.cm2.x86_64 +libnetfilter_queue-1.0.5-1.cm2.x86_64 +libnetfilter_cttimeout-1.0.0-5.cm2.x86_64 +libnetfilter_cthelper-1.0.0-5.cm2.x86_64 +conntrack-tools-1.4.5-7.cm2.x86_64 +dnf-automatic-4.8.0-2.cm2.noarch +ebtables-legacy-2.0.11-6.cm2.x86_64 +apr-1.7.2-1.cm2.x86_64 +apr-util-1.6.3-1.cm2.x86_64 +utf8proc-2.6.1-2.cm2.x86_64 +libserf-1.3.9-8.cm2.x86_64 +subversion-1.14.2-1.cm2.x86_64 +subversion-perl-1.14.2-1.cm2.x86_64 +perl-YAML-1.30-2.cm2.noarch +perl-DBI-1.643-2.cm2.x86_64 +perl-CGI-4.54-3.cm2.noarch +less-590-2.cm2.x86_64 +git-2.33.8-1.cm2.x86_64 +iotop-0.6-10.cm2.noarch +ipset-7.15-1.cm2.x86_64 +oniguruma-6.9.7.1-1.cm2.x86_64 +jq-1.6-1.cm2.x86_64 +kernel-devel-5.15.125.1-2.cm2.x86_64 +libtirpc-1.3.3-1.cm2.x86_64 +lsof-4.94.0-1.cm2.x86_64 +libpcap-1.10.1-1.cm2.x86_64 +nmap-ncat-7.93-1.cm2.x86_64 +rpcbind-1.2.5-5.cm2.x86_64 +libnfsidmap-2.5.4-2.cm2.x86_64 +libevent-2.1.12-1.cm2.x86_64 +nfs-utils-2.5.4-2.cm2.x86_64 +pigz-2.6-2.cm2.x86_64 +psmisc-23.4-1.cm2.x86_64 +socat-1.7.4.3-1.cm2.x86_64 +sysstat-12.7.1-2.cm2.x86_64 
+traceroute-2.1.0-6.cm2.x86_64 +zip-3.0-5.cm2.x86_64 +libapparmor-3.0.4-1.cm2.x86_64 +apparmor-parser-3.0.4-1.cm2.x86_64 +fuse3-libs-3.10.5-2.cm2.x86_64 +fuse-common-3.10.5-2.cm2.x86_64 +fuse3-3.10.5-2.cm2.x86_64 +blobfuse2-2.0.5-1.cm2.x86_64 +libnftnl-1.2.1-1.cm2.x86_64 +jansson-2.14-1.cm2.x86_64 +nftables-1.0.1-1.cm2.x86_64 +moby-runc-1.1.5-2.cm2.x86_64 +moby-containerd-1.6.18-5.cm2.x86_64 +llvm-12.0.1-7.cm2.x86_64 +binutils-devel-2.37-5.cm2.x86_64 +binutils-2.37-5.cm2.x86_64 +compiler-rt-12.0.1-1.cm2.x86_64 +clang-libs-12.0.1-4.cm2.x86_64 +bcc-0.27.0-1.cm2.x86_64 +clang-12.0.1-4.cm2.x86_64 +libbpf-1.0.1-1.cm2.x86_64 +bpftrace-0.16.0-1.cm2.x86_64 +python3-bcc-0.27.0-1.cm2.x86_64 +bcc-tools-0.27.0-1.cm2.x86_64 +bcc-examples-0.27.0-1.cm2.x86_64 +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +devtmpfs 4.0M 0 4.0M 0% /dev +tmpfs 3.3G 0 3.3G 0% /dev/shm +tmpfs 1.4G 8.6M 1.3G 1% /run +tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup +/dev/sda3 29G 19G 8.7G 69% / +tmpfs 3.3G 4.0K 3.3G 1% /tmp +/dev/sda2 459M 31M 399M 8% /boot +/dev/sda1 64M 2.3M 62M 4% /boot/efi +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 668M 0 668M 0% /run/user/1000 +Using kernel: +Linux version 5.15.125.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Fri Aug 11 02:17:58 UTC 2023 +Install completed successfully on Tue Aug 22 16:47:46 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: false +=== os-release Begin +NAME="Common Base Linux Mariner" +VERSION="2.0.20230811" +ID=mariner +VERSION_ID="2.0" +PRETTY_NAME="CBL-Mariner/Linux" +ANSI_COLOR="1;34" +HOME_URL="https://aka.ms/cbl-mariner" +BUG_REPORT_URL="https://aka.ms/cbl-mariner" +SUPPORT_URL="https://aka.ms/cbl-mariner" +=== os-release End 
diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-image-list.json index fc040adcff6..ff8b45c08ee 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "V2gen2", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ 
@@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ 
diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-trivy-images-table.txt index 030c20a20c7..fe6f0ec0167 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-trivy-report.json index 8ec03dac743..2e36b5616ff 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest-trivy-report.json @@ -1,11 +1,11 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmlz51ociwuk", + "ArtifactName": "pkrvmjy61xqyu6g", "ArtifactType": "filesystem", "Metadata": { "OS": { "Family": "cbl-mariner", - "Name": "2.0.20230805" + "Name": "2.0.20230811" }, "ImageConfig": { "architecture": "", @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmlz51ociwuk (cbl-mariner 2.0.20230805)", + "Target": "pkrvmjy61xqyu6g (cbl-mariner 2.0.20230811)", "Class": "os-pkgs", "Type": "cbl-mariner" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest.txt index 8119c7f3edc..0349d2ef5a6 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:01 UTC 2023 +Starting build on Tue Aug 22 16:25:02 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -129,15 +130,15 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:10 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:10 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:12 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:12 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:15 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:15 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:15 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:27 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:27 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:30 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:30 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:32 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:32 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:32 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 === Installed Packages Begin filesystem-1.1-15.cm2.x86_64 glibc-2.35-4.cm2.x86_64 
@@ -159,8 +160,8 @@ bash-5.1.8-3.cm2.x86_64 libsepol-3.2-2.cm2.x86_64 xz-5.2.5-1.cm2.x86_64 kmod-29-1.cm2.x86_64 -kernel-5.15.122.1-2.cm2.x86_64 -mariner-release-2.0-46.cm2.noarch +kernel-5.15.125.1-2.cm2.x86_64 +mariner-release-2.0-48.cm2.noarch shim-15.4-2.cm2.x86_64 grub2-efi-binary-2.06-10.cm2.x86_64 popt-1.18-1.cm2.x86_64 @@ -263,9 +264,9 @@ bind-libs-9.16.33-2.cm2.x86_64 bind-utils-9.16.33-2.cm2.x86_64 chrony-4.1-2.cm2.x86_64 nghttp2-1.46.0-3.cm2.x86_64 -curl-libs-8.0.1-2.cm2.x86_64 +curl-libs-8.2.1-1.cm2.x86_64 tdnf-3.5.2-2.cm2.x86_64 -curl-8.0.1-2.cm2.x86_64 +curl-8.2.1-1.cm2.x86_64 libdb-5.3.28-7.cm2.x86_64 cyrus-sasl-lib-2.1.28-4.cm2.x86_64 openldap-2.4.57-8.cm2.x86_64 @@ -330,7 +331,7 @@ python3-jsonpointer-2.2-1.cm2.noarch python3-jsonpatch-1.32-1.cm2.noarch python3-wcwidth-0.2.5-1.cm2.noarch python3-prettytable-3.2.0-2.cm2.noarch -python3-certifi-2022.12.07-1.cm2.noarch +python3-certifi-2023.05.07-1.cm2.noarch python3-charset-normalizer-2.0.11-2.cm2.noarch python3-urllib3-1.26.9-1.cm2.noarch python3-asn1crypto-1.5.1-1.cm2.noarch @@ -351,11 +352,11 @@ cloud-utils-growpart-0.32-3.cm2.noarch grub2-2.06-10.cm2.x86_64 installkernel-1.0.0-2.cm2.noarch grubby-8.40-45.cm2.x86_64 -hyperv-daemons-license-5.15.122.1-1.cm2.noarch -hypervvssd-5.15.122.1-1.cm2.x86_64 -hypervkvpd-5.15.122.1-1.cm2.x86_64 -hypervfcopyd-5.15.122.1-1.cm2.x86_64 -hyperv-daemons-5.15.122.1-1.cm2.x86_64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +hypervvssd-5.15.125.1-1.cm2.x86_64 +hypervkvpd-5.15.125.1-1.cm2.x86_64 +hypervfcopyd-5.15.125.1-1.cm2.x86_64 +hyperv-daemons-5.15.125.1-1.cm2.x86_64 lzo-2.10-4.cm2.x86_64 squashfs-tools-4.5.1-1.cm2.x86_64 ethtool-5.16-1.cm2.x86_64 @@ -620,7 +621,7 @@ iotop-0.6-10.cm2.noarch ipset-7.15-1.cm2.x86_64 oniguruma-6.9.7.1-1.cm2.x86_64 jq-1.6-1.cm2.x86_64 -kernel-devel-5.15.122.1-2.cm2.x86_64 +kernel-devel-5.15.125.1-2.cm2.x86_64 libtirpc-1.3.3-1.cm2.x86_64 lsof-4.94.0-1.cm2.x86_64 libpcap-1.10.1-1.cm2.x86_64 
@@ -665,18 +666,18 @@ devtmpfs 4.0M 0 4.0M 0% /dev tmpfs 3.3G 0 3.3G 0% /dev/shm tmpfs 1.4G 8.6M 1.3G 1% /run tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup -/dev/sda3 29G 19G 8.9G 68% / +/dev/sda3 29G 19G 8.7G 69% / tmpfs 3.3G 4.0K 3.3G 1% /tmp /dev/sda2 459M 31M 399M 8% /boot /dev/sda1 64M 2.3M 62M 4% /boot/efi /dev/sdb1 14G 28K 13G 1% /mnt tmpfs 668M 0 668M 0% /run/user/1000 Using kernel: -Linux version 5.15.122.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Sat Aug 5 04:51:06 UTC 2023 -Install completed successfully on Wed Aug 16 17:29:39 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Linux version 5.15.125.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Fri Aug 11 02:17:58 UTC 2023 +Install completed successfully on Tue Aug 22 16:47:46 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: Hyperv generation: V2 Feature flags: None @@ -684,7 +685,7 @@ Container runtime: containerd FIPS enabled: false === os-release Begin NAME="Common Base Linux Mariner" -VERSION="2.0.20230805" +VERSION="2.0.20230811" ID=mariner VERSION_ID="2.0" PRETTY_NAME="CBL-Mariner/Linux" diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0-image-list.json new file mode 100644 index 00000000000..3531aa2b594 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0-image-list.json 
@@ -0,0 +1,817 @@ +{ + "sku": "V2gen2arm64", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:029e28acfa0a78d29a9be5f20a060c87a74ec8523f525522acb9411121866b3b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:03a5f6a47761726e63272e94e4bea70de259b1b644d1a5d94e304b43f3de51e9", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": "sha256:03bba7644841f9a0ae3bae2edd0fa9c2c0529d041441953402f7248f3e604c0f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:078bb9ab27afca3a73e92b3a26860509537b8f2e9bde20501d4df175a0e1899b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:08c2dc4229fec87c1a8dff6a6541f04a264973965c79578b3e7981648703a782", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:0911b94b2768461197b39aa3b4713ea64b08f7e5c993a7b5c074f48ccd6137dd", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:094f81991e672caaea3cb6482ed3e75a30e5f2a7558f604f3bd8a4f4932e8841", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + 
"sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:0f08ff5e0377c83be346575fa2b081bb5df195d60bc987d57839608e9c00f0a5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:1559865e411d1aa1cc4b7d9b359673e711b687ef406a67713fde5e0c3cd3b100", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:16638544d9005400b8c828497a6f9dd59eb22c52044f2e5bd854446ce890fe38", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + }, + { + "id": "sha256:16c59097595401776e42bd90ffd7fbdc5a501cd3c1c247f8ba764b3efb1b6943", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:1ef5a89185e7017cfd67515023f01537648765f05f21d7650508b11587b9dcbd", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:2104e2ede8b09c3c4a4b328c9b0d0c41d0e6d6afef6953140e3828b86d1435ef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + { + "id": "sha256:22b54cc53654130d9ef80621b73b74508c276b74c8e711299db7b9be539eccde", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + 
}, + { + "id": "sha256:29b2a51801246fbe9a9dcd1e302f87b5b1f1ca197aef5f6ce55b77653c809dee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:29b9c11b05756a721f2af086d486635b5ec219781b4964a34d298353e56baa55", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:2c41585648de3181ed246160b371cb95e764e368d9a5f8f07d3fa8dfd01dd4be", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:2e1a6ae7f8a11a9bc68883417edd268c638b0c19860d206d18188cbaec9fc050", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:309770371975972493c162d537b17f63590e8cea46f190ca609693a57abc36eb", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:336bfa8edab879a63cabf9d65a9792261673b77a8b3ee614675a8ca44434dbd5", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:33ced36e954d9a616762ea3d6fd28b66085f9ee73366e1b685d5ec5d192b5a7f", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + 
"id": "sha256:354a3638d0e4f1e99f79d4a1522997c07823590847b4e1128fcaf2f7d44e9e15", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:37ceb553c3205291128639c9ad553d15608f23b5cdac92fa78dfadc99a98669f", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:3af6a65aa9e9b7874a111f347031582e09aaaf7e70d24d25b1b3682efaf3ee9b", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:3e03a43b6d22daf85fe6aa23c43e82a77e34506c085bd826a916c2fb8944c9f0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:41a5419580ae3ca07d7d6797c5c4c7f30a35ffdf71502b2b8c4f48234cfa6604", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:43834bcd11a3324afe0e06889499187279220d15e00713630bdf6d9ffe835bcc", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:49a6384e08d4a112838b6154fca9edb49b4cf5ad36cb91ff72b1744ca2df36da", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": 
"sha256:4bee58df2217fc0a3da97c8df69bc1b8cec662683c6e8536e0ea0e3f60a76486", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:4d546929714bf77c7a26b563c6992d952bd00668f37459363ad44ea58a53c6ec", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": "sha256:53be7459c0d4de20fba2078fca976350ad68dff0cf6120ea8877173047e51ff5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:54c61f388d69dae8783a662ef0f1b206d9e8ba36a0a74b566b6b01e576dd3e9d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:57300ee001d0f178bc3dc4a704ef0e91b4ab6ae123193e81f0f35476f52ac5f6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:61626aa10c8033901b52ab0100e9b877227a1198cff32cd42e7ef6c3597cf80e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:62432a27f56d32a56916ea613578ae01109e4a1129ef154e0cfdcb21452b1873", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": 
"sha256:638e0bdeece4fb53d86227e0144d6ef6ec12a6f4ed35ebb9eeb69fb8647a1eab", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:6af98f2a56564f6d6ce5aec3cd6d6b4142306a57642fd1596f449e1510f6e147", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6dbb8c782a18243ab19d55def07d8a693af145e32d5a532e959add0248ec7bb8", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": "sha256:707ae15f152d2e3e610d455e9797e30a23580d0fbc5d4ff1b96471291564ecab", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:712be482d236ed8355d289dd28c1741f7056eb85277340a8e5e98c1f6be759b6", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:720b0f13c4f74054a28fa80c5c9402311cfc55b77bce2b8dce8f9ca2d3aea5ca", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:74a2a9cc00683ec9618024abaf0c60398ff6dd4333b764ae5a45d36d9c62ab36", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:74b4903c99c974d7334cf636883f3f0e9b623f56d0aaa3b08b6984bd5744cb84", + "repoTags": [ + 
"mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:780ddb9840f9468e2b5fcc260e5ef6d7a3ce9f33be987fd69b8bd68a4d2f663b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:783c2028c9db5963e5d95b3dda2a57b75c2b82ed52012c38c5bf38086f3a207e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:790c4e91f08b87b1d29a7c24131803470e6fc13158247bc8f537c4a54ccd19f1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:7967ff637bc02782a265da08a9b2fa25ed9260f5afe22fcef22114265c28bad7", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7ac4a0264620269872de83cd8d8ffc3dc9c4f8f1aa1dc075c91693b543200bf3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:7c70cdfa3001ed6bf26ec76c40379689035b8b6484776a791ec8d08a3991aef0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:890d2e5c8490dc603a6ce4367e69d63a3ca41ae63dae672dd9998e93a9995cc4", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + 
"sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:891375114959d684b21c18cf3523b26ff0dccee324b45101b5c463dc08242058", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:8bb22d37b02463894fb0d8865a7bc672efcf0d44fe14223d59cbc068b59a2885", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:8ec703a8caf9c4c6a93fb453dacf8502e16de202a4d701dffdddd634372196d0", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:95415170ecc2b475736e4d24d760ba081970b09974f76370061d4de3f28428d5", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:97224bdbb8d620086c3a7b353cb50f036b47241daeb459449761a33e9964ce3a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:97fb3c290434e7782b579ccd84c641fdd2473e64e5946a723b84994748cbd0ea", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:9ad6073e60874426ff782d3294e32ad3c1576fd7ecf277de03bf6cec835ea6dc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + 
"sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:9b2c961742d72d17baca025c7de50a8ef7cbabcf89d713741c4278b5d515ef28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:9e3aa067aebba2ba9848865d3c407a5bb141865310a65f2021087a9a3aa64dda", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:a43dfb12d49198b2d2d0476ca39af2a7f7e544bb85c4269e7070ef9d23cde8da", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:a869e46777a8d81dde6466ff966051eb023b9520d0e9d673702c416ed5d78e63", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:a98373e24a1f8a62d1a7fe1e84b81bb613658f088c9017924890a3ae054bb56e", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:abb36e95ba4358fcce1edb04e7f59c9226bc272fef1a67d3aeb655e583c95244", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:b1e59235672008fecf0b6a73df25bc38a9765e901c0104fcce6b6f2868c5cec4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + 
"sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:b1f3ef2255c8ca64d9a3d1b33131d0dca101a4fb9eb824313454bb1730e6d1b9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:b3b80b6a756a3fbf600cda87007c14a36656c9c2d72ec0772986fa34370ebc6a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:b3d07208cad330195453067a3f1d7accea54006a98ff4f955f425830d13a61c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:b636c26276cc1afa2d5a5eb3d0e85a855349bc00b702087861c47ef992be72e7", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:b8255f8d0bc1e285be34a8359095d046a4e1d3e628e49d9667b977015193541c", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:bb1a3ebaf5d77f4caa527be1c2f09ab0a3ddcfcc1b40d447c3cecbc284f4de7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:bd5c4ec28e5b8187df605f314d1975a225e7bf1ec6d258b82e6457696ee815eb", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + 
}, + { + "id": "sha256:bee54938fcfd369275d7de77f40e8a5ab3ea0335473c0c2685dd955f56c62507", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:bfaaee1dfcb03adea8995fec4ceb77689d8339d76e4224cdcdeab21eb50cce77", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:bfc444e6f51cef9abcd6c5d3ed986fa6f270013a456d4d69e71b8284acd7aee6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:c3862cba675070a24d70283e1d9f5b18d2755c7ce0f2659bf7782693a97157f2", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:c3d0d12b85695f4f184a7807f874541c454fad31b62f05d7c905a6d78c22953a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:c47eff4dfbd4cb549f6dd25c0481e0e847776d52d1f727c07717acaca738e29b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:c4cd5b18af3fe5aa9d9938152160174ac7ba170d0ab1d61bd7359d55593466e8", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c53a1e0d896c490e6868b0595d6cb167c785a3a35862c74f2eaf75549979f16e", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:c7df0e05d6c807082980d57dbd2cfc59d8bde3e58f8e86a350125177dd700877", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:cb4b52f32d56b7c2e7382dd304bb2d39e1e8ed8da3777449cfca2866e22f987b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:d24b2b93882cd8850a003655fe33996206319309122685076835470b4c760fab", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + "sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:dca02241055037440b213b2bcb304132206e71e346409d656bdc44661d695769", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:df5b53e402efd722cf62f3dbd2192b03bc127657ded33a53793a15275fdca35c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:e04bdc3a452f61da0d4bd15c96107de3480bba75df9aabc1b3cb81f373728ca7", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": 
"sha256:e3a43b58db8d1cde0a546358eadc939c9cba5c9ed9267609280ee7c75a6b3a74", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:ee8ebb32fb27ddc09c181144d0d1e4fbc798ac9f61f3ee01a0c83632df380d82", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:ef32adb129c3d53f20c11109186462c4b73a79dcfffeac19ecc81443c283aee2", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:f2015264159662304c9cde852466e8bce4e9a92d666d0cebd9e337cec7262b05", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:fa7bb68e60ae67627280fd2d2c89e8462941f69946e0792f639a14df936df734", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..fe6f0ec0167 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2003 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator 
(gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0-trivy-report.json new file mode 100644 index 00000000000..1151f1f416a --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0-trivy-report.json 
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvm7pvjk5lnbi", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "cbl-mariner", + "Name": "2.0.20230811" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvm7pvjk5lnbi (cbl-mariner 2.0.20230811)", + "Class": "os-pkgs", + "Type": "cbl-mariner" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-arm64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-arm64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-arm64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-arm64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-arm64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-arm64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-arm64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0.txt new file mode 100644 index 00000000000..8f554cb6eab --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/202308.22.0.txt 
@@ -0,0 +1,696 @@ +Starting build on Tue Aug 22 16:27:01 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.5 + - bpftrace v0.16.0 + - nvidia-driver=-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + 
- mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + 
- mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 49040644 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 112518232 Jun 12 19:27 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 44564480 Jun 12 19:27 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 112191384 Jun 12 19:27 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 44630016 Jun 12 19:27 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 100728832 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 47054848 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 116765240 Jun 12 19:43 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 46465024 Jun 12 19:43 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 109832568 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 43581440 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 116748696 Jun 12 19:44 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 46465024 Jun 12 19:44 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 109836824 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 43581440 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 112847936 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 44630016 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 100728832 Jun 19 17:03 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 47054848 Jun 19 17:03 
/usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 110460512 Jun 19 17:04 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 43581440 Jun 19 17:04 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 117384832 Jun 19 17:05 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 46465024 Jun 19 17:05 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:27 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:27 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 33595200 Aug 22 16:29 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 44976688 Aug 22 16:29 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 43353240 Aug 22 16:32 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 49910128 Aug 22 16:32 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 51531936 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 57806112 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 38155688 Aug 22 16:34 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +=== Installed Packages Begin +filesystem-1.1-15.cm2.aarch64 +glibc-2.35-4.cm2.aarch64 +libgcc-11.2.0-4.cm2.aarch64 +pcre-libs-8.45-2.cm2.aarch64 +libstdc++-11.2.0-4.cm2.aarch64 +zlib-1.2.13-1.cm2.aarch64 +xz-libs-5.2.5-1.cm2.aarch64 +ncurses-libs-6.4-1.cm2.aarch64 +readline-8.1-1.cm2.aarch64 +libcap-2.60-2.cm2.aarch64 +bzip2-libs-1.0.8-1.cm2.aarch64 +pcre-8.45-2.cm2.aarch64 +gmp-6.2.1-3.cm2.aarch64 +libselinux-3.2-1.cm2.aarch64 +coreutils-8.32-6.cm2.aarch64 +grep-3.7-2.cm2.aarch64 +bash-5.1.8-3.cm2.aarch64 +libsepol-3.2-2.cm2.aarch64 +xz-5.2.5-1.cm2.aarch64 +kmod-29-1.cm2.aarch64 +kernel-5.15.125.1-2.cm2.aarch64 +mariner-release-2.0-48.cm2.noarch +shim-unsigned-15.4-2.cm2.aarch64 +grub2-efi-binary-2.06-10.cm2.aarch64 +popt-1.18-1.cm2.aarch64 +slang-2.3.2-4.cm2.aarch64 +newt-0.52.21-4.cm2.aarch64 +chkconfig-1.20-3.cm2.aarch64 
+ca-certificates-shared-2.0.0-13.cm2.noarch +libffi-3.4.2-2.cm2.aarch64 +p11-kit-0.24.1-1.cm2.aarch64 +libtasn1-4.19.0-1.cm2.aarch64 +p11-kit-trust-0.24.1-1.cm2.aarch64 +ca-certificates-tools-2.0.0-13.cm2.noarch +ca-certificates-2.0.0-13.cm2.noarch +util-linux-libs-2.37.4-6.cm2.aarch64 +libgpg-error-1.46-1.cm2.aarch64 +openssl-libs-1.1.1k-24.cm2.aarch64 +libgcrypt-1.9.4-1.cm2.aarch64 +glib-2.71.0-1.cm2.aarch64 +lz4-1.9.3-1.cm2.aarch64 +systemd-rpm-macros-250.3-17.cm2.noarch +libcap-ng-0.8.2-2.cm2.aarch64 +audit-libs-3.0.6-7.cm2.aarch64 +json-c-0.15-1.cm2.aarch64 +cracklib-2.9.7-5.cm2.aarch64 +cracklib-dicts-2.9.7-5.cm2.aarch64 +pam-1.5.1-5.cm2.aarch64 +cryptsetup-libs-2.4.3-3.cm2.aarch64 +systemd-250.3-17.cm2.aarch64 +device-mapper-libs-2.03.15-2.cm2.aarch64 +cronie-1.5.7-2.cm2.aarch64 +cronie-anacron-1.5.7-2.cm2.aarch64 +logrotate-3.20.1-1.cm2.aarch64 +openssl-1.1.1k-24.cm2.aarch64 +sqlite-libs-3.39.2-2.cm2.aarch64 +expat-libs-2.5.0-1.cm2.aarch64 +zstd-libs-1.5.0-1.cm2.aarch64 +elfutils-libelf-0.186-1.cm2.aarch64 +e2fsprogs-libs-1.46.5-3.cm2.aarch64 +krb5-1.19.4-1.cm2.aarch64 +libassuan-2.5.5-2.cm2.aarch64 +expat-2.5.0-1.cm2.aarch64 +libssh2-1.9.0-2.cm2.aarch64 +iana-etc-20211115-2.cm2.noarch +libpwquality-1.4.4-1.cm2.aarch64 +file-libs-5.40-2.cm2.aarch64 +device-mapper-2.03.15-2.cm2.aarch64 +device-mapper-event-libs-2.03.15-2.cm2.aarch64 +ncurses-6.4-1.cm2.aarch64 +lmdb-libs-0.9.29-1.cm2.aarch64 +lua-libs-5.4.4-1.cm2.aarch64 +rpm-libs-4.18.0-3.cm2.aarch64 +libsolv-0.7.24-1.cm2.aarch64 +libedit-3.1.20210910-1.cm2.aarch64 +procps-ng-3.3.17-1.cm2.aarch64 +device-mapper-event-2.03.15-2.cm2.aarch64 +util-linux-2.37.4-6.cm2.aarch64 +file-5.40-2.cm2.aarch64 +cryptsetup-2.4.3-3.cm2.aarch64 +iptables-1.8.7-3.cm2.aarch64 +dbus-1.15.2-3.cm2.aarch64 +pinentry-1.2.0-1.cm2.aarch64 +openssh-clients-8.9p1-1.cm2.aarch64 +e2fsprogs-1.46.5-3.cm2.aarch64 +libarchive-3.6.1-2.cm2.aarch64 +rpm-4.18.0-3.cm2.aarch64 +bc-1.07.1-4.cm2.aarch64 +bridge-utils-1.7.1-1.cm2.aarch64 
+cpio-2.13-4.cm2.aarch64 +gdbm-1.21-1.cm2.aarch64 +iputils-20211215-1.cm2.aarch64 +irqbalance-1.8.0-2.cm2.aarch64 +libtool-2.4.6-8.cm2.aarch64 +mariner-rpm-macros-2.0-23.cm2.noarch +net-tools-2.10-2.cm2.aarch64 +tar-1.34-1.cm2.aarch64 +tzdata-2023c-1.cm2.noarch +which-2.21-8.cm2.aarch64 +libseccomp-2.5.3-1.cm2.aarch64 +nettle-3.7.3-2.cm2.aarch64 +bzip2-1.0.8-1.cm2.aarch64 +ca-certificates-base-2.0.0-13.cm2.noarch +findutils-4.8.0-4.cm2.aarch64 +gzip-1.12-1.cm2.aarch64 +sed-4.8-2.cm2.aarch64 +libmnl-1.0.4-6.cm2.aarch64 +iproute-5.15.0-2.cm2.aarch64 +libaio-0.3.112-4.cm2.aarch64 +lvm2-2.03.15-2.cm2.aarch64 +pkgconf-m4-1.8.0-3.cm2.noarch +libsemanage-3.2-2.cm2.aarch64 +shadow-utils-4.9-12.cm2.aarch64 +tdnf-cli-libs-3.5.2-2.cm2.aarch64 +libpkgconf-1.8.0-3.cm2.aarch64 +pkgconf-1.8.0-3.cm2.aarch64 +pkgconf-pkg-config-1.8.0-3.cm2.aarch64 +bind-license-9.16.33-2.cm2.noarch +libuv-1.43.0-1.cm2.aarch64 +libxml2-2.10.4-1.cm2.aarch64 +bind-libs-9.16.33-2.cm2.aarch64 +bind-utils-9.16.33-2.cm2.aarch64 +chrony-4.1-2.cm2.aarch64 +nghttp2-1.46.0-3.cm2.aarch64 +curl-libs-8.2.1-1.cm2.aarch64 +tdnf-3.5.2-2.cm2.aarch64 +curl-8.2.1-1.cm2.aarch64 +libdb-5.3.28-7.cm2.aarch64 +cyrus-sasl-lib-2.1.28-4.cm2.aarch64 +openldap-2.4.57-8.cm2.aarch64 +sudo-1.9.13p3-2.cm2.aarch64 +libksba-1.6.3-1.cm2.aarch64 +npth-1.6-4.cm2.aarch64 +gnupg2-2.4.0-2.cm2.aarch64 +gpgme-1.16.0-1.cm2.aarch64 +mariner-repos-shared-2.0-8.cm2.noarch +mariner-repos-microsoft-2.0-8.cm2.noarch +mariner-repos-extras-2.0-8.cm2.noarch +mariner-repos-2.0-8.cm2.noarch +tdnf-plugin-repogpgcheck-3.5.2-2.cm2.aarch64 +core-packages-container-2.0-8.cm2.aarch64 +core-packages-base-image-2.0-8.cm2.aarch64 +dracut-055-5.cm2.aarch64 +initramfs-2.0-13.cm2.aarch64 +python3-3.9.14-6.cm2.aarch64 +python3-libs-3.9.14-6.cm2.aarch64 +zchunk-libs-1.1.16-2.cm2.aarch64 +zchunk-1.1.16-2.cm2.aarch64 +librepo-1.15.1-1.cm2.aarch64 +python3-curses-3.9.14-6.cm2.aarch64 +python3-gpg-1.16.0-1.cm2.aarch64 +dnf-data-4.8.0-2.cm2.noarch 
+libcomps-0.1.18-1.cm2.aarch64 +python3-libcomps-0.1.18-1.cm2.aarch64 +elfutils-default-yama-scope-0.186-1.cm2.noarch +libgomp-11.2.0-4.cm2.aarch64 +popt-devel-1.18-1.cm2.aarch64 +libyaml-0.2.5-3.cm2.aarch64 +libmodulemd-2.13.0-2.cm2.aarch64 +libdnf-0.63.1-1.cm2.aarch64 +python3-libdnf-0.63.1-1.cm2.aarch64 +python3-hawkey-0.63.1-1.cm2.aarch64 +elfutils-libelf-devel-0.186-1.cm2.aarch64 +xz-devel-5.2.5-1.cm2.aarch64 +zlib-devel-1.2.13-1.cm2.aarch64 +zstd-1.5.0-1.cm2.aarch64 +zstd-devel-1.5.0-1.cm2.aarch64 +elfutils-0.186-1.cm2.aarch64 +elfutils-devel-0.186-1.cm2.aarch64 +rpm-build-libs-4.18.0-3.cm2.aarch64 +rpm-devel-4.18.0-3.cm2.aarch64 +python3-rpm-4.18.0-3.cm2.aarch64 +python3-dnf-4.8.0-2.cm2.noarch +dnf-4.8.0-2.cm2.noarch +wget-1.21.2-1.cm2.aarch64 +python3-six-1.16.0-2.cm2.noarch +python3-markupsafe-2.1.0-1.cm2.aarch64 +python3-idna-3.3-1.cm2.noarch +python3-jinja2-3.0.3-2.cm2.noarch +python3-configobj-5.0.6-7.cm2.noarch +PyYAML-3.13-8.cm2.aarch64 +python3-jsonschema-2.6.0-6.cm2.noarch +python3-netifaces-0.11.0-1.cm2.aarch64 +python3-oauthlib-2.1.0-7.cm2.noarch +python3-setuptools-3.9.14-6.cm2.noarch +dhcp-libs-4.4.2-5.cm2.aarch64 +dhcp-client-4.4.2-5.cm2.aarch64 +python3-jsonpointer-2.2-1.cm2.noarch +python3-jsonpatch-1.32-1.cm2.noarch +python3-wcwidth-0.2.5-1.cm2.noarch +python3-prettytable-3.2.0-2.cm2.noarch +python3-certifi-2023.05.07-1.cm2.noarch +python3-charset-normalizer-2.0.11-2.cm2.noarch +python3-urllib3-1.26.9-1.cm2.noarch +python3-asn1crypto-1.5.1-1.cm2.noarch +python3-pyasn1-0.4.8-1.cm2.noarch +python3-pycparser-2.21-1.cm2.noarch +python3-cffi-1.15.0-2.cm2.aarch64 +python3-pyparsing-3.0.7-1.cm2.noarch +python3-packaging-21.3-1.cm2.noarch +python3-cryptography-3.3.2-4.cm2.aarch64 +python3-pyOpenSSL-18.0.0-8.cm2.noarch +python3-requests-2.27.1-6.cm2.noarch +cloud-init-23.2-1.cm2.noarch +cloud-init-azure-kvp-23.2-1.cm2.noarch +gptfdisk-1.0.8-1.cm2.aarch64 +mpfr-4.1.0-1.cm2.aarch64 +gawk-5.1.0-2.cm2.aarch64 +cloud-utils-growpart-0.32-3.cm2.noarch 
+grub2-2.06-10.cm2.aarch64 +installkernel-1.0.0-2.cm2.noarch +grubby-8.40-45.cm2.aarch64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +hypervvssd-5.15.125.1-1.cm2.aarch64 +hypervkvpd-5.15.125.1-1.cm2.aarch64 +hypervfcopyd-5.15.125.1-1.cm2.aarch64 +hyperv-daemons-5.15.125.1-1.cm2.aarch64 +lzo-2.10-4.cm2.aarch64 +squashfs-tools-4.5.1-1.cm2.aarch64 +ethtool-5.16-1.cm2.aarch64 +snappy-1.1.9-2.cm2.aarch64 +kexec-tools-2.0.23-2.cm2.aarch64 +libnl3-3.5.0-3.cm2.aarch64 +wpa_supplicant-2.10-1.cm2.aarch64 +netplan-0.95-1.cm2.aarch64 +ncurses-term-6.4-1.cm2.aarch64 +openssh-server-8.9p1-1.cm2.aarch64 +libestr-0.1.11-1.cm2.aarch64 +libfastjson-0.99.9-1.cm2.aarch64 +gc-8.0.0-4.cm2.aarch64 +libmpc-1.2.1-1.cm2.aarch64 +libstdc++-devel-11.2.0-4.cm2.aarch64 +liblognorm-2.0.6-2.cm2.aarch64 +postgresql-libs-14.8-1.cm2.aarch64 +autogen-libopts-5.18.16-8.cm2.aarch64 +cyrus-sasl-2.1.28-4.cm2.aarch64 +librdkafka1-1.8.2-1.cm2.aarch64 +glibc-iconv-2.35-4.cm2.aarch64 +libltdl-2.4.6-8.cm2.aarch64 +libunistring-0.9.10-5.cm2.aarch64 +guile-2.0.14-4.cm2.aarch64 +gnutls-3.7.7-2.cm2.aarch64 +librelp-1.10.0-1.cm2.aarch64 +make-4.3-2.cm2.aarch64 +libgcc-atomic-11.2.0-4.cm2.aarch64 +libgcc-devel-11.2.0-4.cm2.aarch64 +libgomp-devel-11.2.0-4.cm2.aarch64 +gcc-c++-11.2.0-4.cm2.aarch64 +gcc-11.2.0-4.cm2.aarch64 +perl-vmsish-1.04-488.cm2.noarch +perl-version-0.99.28-488.cm2.noarch +perl-subs-1.04-488.cm2.noarch +perl-ph-5.34.1-488.cm2.aarch64 +perl-perlfaq-5.20210411-488.cm2.noarch +perl-parent-0.238-488.cm2.noarch +perl-mro-1.25-488.cm2.aarch64 +perl-meta-notation-5.34.1-488.cm2.noarch +perl-less-0.03-488.cm2.noarch +perl-if-0.60.900-488.cm2.noarch +perl-filetest-1.03-488.cm2.noarch +perl-ExtUtils-MM-Utils-7.44-488.cm2.noarch +perl-Devel-PPPort-3.62-488.cm2.aarch64 +perl-vars-1.05-488.cm2.noarch +perl-sort-2.04-488.cm2.noarch +perl-overloading-0.02-488.cm2.noarch +perl-lib-0.65-488.cm2.aarch64 +perl-experimental-0.024-488.cm2.noarch +perl-encoding-warnings-0.13-488.cm2.noarch 
+perl-deprecate-0.04-488.cm2.noarch +perl-constant-1.33-488.cm2.noarch +perl-base-2.27-488.cm2.noarch +perl-autouse-1.11-488.cm2.noarch +perl-Tie-Memoize-1.1-488.cm2.noarch +perl-Env-1.05-488.cm2.noarch +perl-Tie-4.6-488.cm2.noarch +perl-Term-ReadLine-1.17-488.cm2.noarch +perl-Term-Cap-1.17-488.cm2.noarch +perl-Module-Loaded-0.08-488.cm2.noarch +perl-CPAN-Meta-Requirements-2.140-488.cm2.noarch +perl-AutoLoader-5.74-488.cm2.noarch +perl-Attribute-Handlers-1.01-488.cm2.noarch +perl-Unicode-Normalize-1.28-488.cm2.aarch64 +perl-Time-Local-1.300-488.cm2.noarch +perl-Time-HiRes-1.9767-488.cm2.aarch64 +perl-Text-Tabs+Wrap-2013.0523-488.cm2.noarch +perl-File-DosGlob-1.12-488.cm2.aarch64 +perl-Text-ParseWords-3.30-488.cm2.noarch +perl-Text-Abbrev-1.02-488.cm2.noarch +perl-Term-Complete-1.403-488.cm2.noarch +perl-Term-ANSIColor-5.01-488.cm2.noarch +perl-sigtrap-1.09-488.cm2.noarch +perl-SelectSaver-1.02-488.cm2.noarch +perl-DirHandle-1.05-488.cm2.noarch +perl-Symbol-1.09-488.cm2.noarch +perl-Socket-2.031-488.cm2.aarch64 +perl-Search-Dict-1.07-488.cm2.noarch +perl-threads-shared-1.62-488.cm2.aarch64 +perl-Thread-3.05-488.cm2.noarch +perl-threads-2.26-488.cm2.aarch64 +perl-Text-Balanced-2.04-488.cm2.noarch +perl-NEXT-0.68-488.cm2.noarch +perl-overload-1.33-488.cm2.noarch +perl-Time-Piece-1.3401-488.cm2.aarch64 +perl-Tie-RefHash-1.40-488.cm2.noarch +perl-Thread-Semaphore-2.13-488.cm2.noarch +perl-Thread-Queue-3.14-488.cm2.noarch +perl-Module-CoreList-5.20220313-488.cm2.noarch +perl-Scalar-List-Utils-1.55-488.cm2.aarch64 +perl-Pod-Functions-1.13-488.cm2.noarch +perl-Pod-Escapes-1.07-488.cm2.noarch +perl-Perl-OSType-1.010-488.cm2.noarch +perl-Opcode-1.50-488.cm2.aarch64 +perl-Math-Complex-1.59-488.cm2.noarch +perl-bignum-0.51-488.cm2.noarch +perl-Math-BigRat-0.2614-488.cm2.noarch +perl-Math-BigInt-FastCalc-0.500.900-488.cm2.aarch64 +perl-Math-BigInt-1.9998.18-488.cm2.noarch +perl-PerlIO-via-QuotedPrint-0.09-488.cm2.noarch +perl-MIME-Base64-3.16-488.cm2.aarch64 
+perl-I18N-Langinfo-0.19-488.cm2.aarch64 +perl-Params-Check-0.38-488.cm2.noarch +perl-Locale-Maketext-Simple-0.21-488.cm2.noarch +perl-Locale-Maketext-1.29-488.cm2.noarch +perl-I18N-LangTags-0.45-488.cm2.noarch +perl-Hash-Util-FieldHash-1.21-488.cm2.aarch64 +perl-fields-2.27-488.cm2.noarch +perl-Hash-Util-0.25-488.cm2.aarch64 +perl-Getopt-Std-1.13-488.cm2.noarch +perl-Filter-Simple-0.96-488.cm2.noarch +perl-Filter-1.59-488.cm2.aarch64 +perl-FileCache-1.10-488.cm2.noarch +perl-File-Compare-1.100.600-488.cm2.noarch +perl-File-Basename-2.85-488.cm2.noarch +perl-locale-1.10-488.cm2.noarch +perl-Tie-File-1.06-488.cm2.noarch +perl-Sys-Syslog-0.36-488.cm2.aarch64 +perl-Sys-Hostname-1.23-488.cm2.aarch64 +perl-I18N-Collate-1.02-488.cm2.noarch +perl-POSIX-1.97-488.cm2.aarch64 +perl-Fcntl-1.14-488.cm2.aarch64 +perl-Errno-1.33-488.cm2.aarch64 +perl-English-1.11-488.cm2.noarch +perl-Digest-MD5-2.58-488.cm2.aarch64 +perl-Digest-1.19-488.cm2.noarch +perl-Dumpvalue-2.27-488.cm2.noarch +perl-Devel-Peek-1.30-488.cm2.aarch64 +perl-Config-Perl-V-0.33-488.cm2.noarch +perl-Config-Extensions-0.03-488.cm2.noarch +perl-Compress-Raw-Zlib-2.101-488.cm2.aarch64 +perl-User-pwent-1.03-488.cm2.noarch +perl-Time-1.03-488.cm2.noarch +perl-Net-1.02-488.cm2.noarch +perl-File-stat-1.09-488.cm2.noarch +perl-Class-Struct-0.66-488.cm2.noarch +perl-Benchmark-1.23-488.cm2.noarch +perl-autodie-2.34-488.cm2.noarch +perl-Safe-2.43-488.cm2.noarch +perl-ExtUtils-Constant-0.25-488.cm2.noarch +perl-Data-Dumper-2.179-488.cm2.aarch64 +perl-CPAN-Meta-YAML-0.018-488.cm2.noarch +perl-B-1.82-488.cm2.aarch64 +perl-blib-1.07-488.cm2.noarch +perl-Unicode-Collate-1.29-488.cm2.aarch64 +perl-Module-Load-0.36-488.cm2.noarch +perl-Unicode-UCD-0.75-488.cm2.noarch +perl-Memoize-1.03-488.cm2.noarch +perl-Storable-3.23-488.cm2.aarch64 +perl-SelfLoader-1.26-488.cm2.noarch +perl-IPC-Open3-1.21-488.cm2.noarch +perl-IO-Socket-IP-0.41-488.cm2.noarch +perl-HTTP-Tiny-0.076-488.cm2.noarch +perl-libnet-3.13-488.cm2.noarch 
+perl-Net-Ping-2.74-488.cm2.noarch +perl-FileHandle-2.03-488.cm2.noarch +perl-IO-1.46-488.cm2.aarch64 +perl-FindBin-1.52-488.cm2.noarch +perl-debugger-1.60-488.cm2.noarch +perl-Test-Simple-1.302183-488.cm2.noarch +perl-Test-1.31-488.cm2.noarch +perl-Compress-Raw-Bzip2-2.101-488.cm2.aarch64 +perl-File-Temp-0.231.100-488.cm2.noarch +perl-File-Path-2.18-488.cm2.noarch +perl-IPC-Cmd-1.04-488.cm2.noarch +perl-Module-Load-Conditional-0.74-488.cm2.noarch +perl-Module-Metadata-1.000037-488.cm2.noarch +perl-ExtUtils-Command-7.62-488.cm2.noarch +perl-File-Find-1.39-488.cm2.noarch +perl-File-Fetch-1.00-488.cm2.noarch +perl-File-Copy-2.35-488.cm2.noarch +perl-ExtUtils-Manifest-1.73-488.cm2.noarch +perl-Devel-SelfStubber-1.06-488.cm2.noarch +perl-AutoSplit-5.74-488.cm2.noarch +perl-open-1.12-488.cm2.noarch +perl-encoding-3.00-488.cm2.aarch64 +perl-utils-5.34.1-488.cm2.noarch +perl-diagnostics-1.37-488.cm2.noarch +perl-Test-Harness-3.43-488.cm2.noarch +perl-podlators-4.14-488.cm2.noarch +perl-Pod-Simple-3.42-488.cm2.noarch +perl-Pod-Html-1.27-488.cm2.noarch +perl-Pod-Checker-1.74-488.cm2.noarch +perl-Module-CoreList-tools-5.20220313-488.cm2.noarch +perl-ExtUtils-ParseXS-3.43-488.cm2.noarch +perl-Digest-SHA-6.02-488.cm2.aarch64 +perl-Getopt-Long-2.52-488.cm2.noarch +perl-Pod-Usage-2.01-488.cm2.noarch +perl-JSON-PP-4.06-488.cm2.noarch +perl-IO-Zlib-1.11-488.cm2.noarch +perl-Archive-Tar-2.38-488.cm2.noarch +perl-IO-Compress-2.102-488.cm2.noarch +perl-DBM_Filter-0.06-488.cm2.noarch +perl-CPAN-Meta-2.150010-488.cm2.noarch +perl-IPC-SysV-2.09-488.cm2.aarch64 +perl-libnetcfg-5.34.1-488.cm2.noarch +perl-ExtUtils-Miniperl-1.10-488.cm2.noarch +perl-ExtUtils-Embed-1.35-488.cm2.noarch +perl-Encode-devel-3.08-488.cm2.noarch +perl-devel-5.34.1-488.cm2.aarch64 +perl-ExtUtils-Install-2.20-488.cm2.noarch +perl-CPAN-2.28-488.cm2.noarch +perl-ExtUtils-MakeMaker-7.62-488.cm2.noarch +perl-ExtUtils-CBuilder-0.280236-488.cm2.noarch +perl-ODBM_File-1.17-488.cm2.aarch64 
+perl-NDBM_File-1.15-488.cm2.aarch64 +perl-GDBM_File-1.19-488.cm2.aarch64 +perl-PathTools-3.80-488.cm2.aarch64 +perl-Exporter-5.76-488.cm2.noarch +perl-Pod-Perldoc-3.28.01-488.cm2.noarch +perl-Encode-3.08-488.cm2.aarch64 +perl-DynaLoader-1.50-488.cm2.aarch64 +perl-Carp-1.52-488.cm2.noarch +perl-5.34.1-488.cm2.aarch64 +perl-libs-5.34.1-488.cm2.aarch64 +perl-doc-5.34.1-488.cm2.noarch +perl-macros-5.34.1-488.cm2.noarch +perl-interpreter-5.34.1-488.cm2.aarch64 +net-snmp-libs-5.9.1-2.cm2.aarch64 +rsyslog-8.2204.1-3.cm2.aarch64 +sgx-backwards-compatability-1.0.0-1.cm2.aarch64 +openssh-8.9p1-1.cm2.aarch64 +python3-distro-1.6.0-2.cm2.noarch +WALinuxAgent-2.3.1.1-3.cm2.noarch +iw-5.9-1.cm2.aarch64 +wireless-regdb-2022.08.12-1.cm2.noarch +gpg-pubkey-3135ce90-5e6fda74 +gpg-pubkey-be1229cf-5631588c +inotify-tools-3.22.1.0-1.cm2.aarch64 +fuse-2.9.7-10.cm2.aarch64 +boost-1.76.0-3.cm2.aarch64 +blobfuse-1.4.5-10.cm2.aarch64 +python3-dbus-1.2.16-3.cm2.aarch64 +python3-dateutil-2.7.3-5.cm2.noarch +python3-dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-utils-4.0.24-3.cm2.noarch +check-restart-1.0.0-2.cm2.aarch64 +keyutils-1.6.1-1.cm2.aarch64 +cifs-utils-6.14-2.cm2.aarch64 +libnfnetlink-1.0.1-5.cm2.aarch64 +libnetfilter_conntrack-1.0.8-1.cm2.aarch64 +libnetfilter_queue-1.0.5-1.cm2.aarch64 +libnetfilter_cttimeout-1.0.0-5.cm2.aarch64 +libnetfilter_cthelper-1.0.0-5.cm2.aarch64 +conntrack-tools-1.4.5-7.cm2.aarch64 +dnf-automatic-4.8.0-2.cm2.noarch +ebtables-legacy-2.0.11-6.cm2.aarch64 +apr-1.7.2-1.cm2.aarch64 +apr-util-1.6.3-1.cm2.aarch64 +utf8proc-2.6.1-2.cm2.aarch64 +libserf-1.3.9-8.cm2.aarch64 +subversion-1.14.2-1.cm2.aarch64 +subversion-perl-1.14.2-1.cm2.aarch64 +perl-YAML-1.30-2.cm2.noarch +perl-DBI-1.643-2.cm2.aarch64 +perl-CGI-4.54-3.cm2.noarch +less-590-2.cm2.aarch64 +git-2.33.8-1.cm2.aarch64 +iotop-0.6-10.cm2.noarch +ipset-7.15-1.cm2.aarch64 +oniguruma-6.9.7.1-1.cm2.aarch64 +jq-1.6-1.cm2.aarch64 +kernel-devel-5.15.125.1-2.cm2.aarch64 
+libtirpc-1.3.3-1.cm2.aarch64 +lsof-4.94.0-1.cm2.aarch64 +libpcap-1.10.1-1.cm2.aarch64 +nmap-ncat-7.93-1.cm2.aarch64 +rpcbind-1.2.5-5.cm2.aarch64 +libnfsidmap-2.5.4-2.cm2.aarch64 +libevent-2.1.12-1.cm2.aarch64 +nfs-utils-2.5.4-2.cm2.aarch64 +pigz-2.6-2.cm2.aarch64 +psmisc-23.4-1.cm2.aarch64 +socat-1.7.4.3-1.cm2.aarch64 +sysstat-12.7.1-2.cm2.aarch64 +traceroute-2.1.0-6.cm2.aarch64 +zip-3.0-5.cm2.aarch64 +libapparmor-3.0.4-1.cm2.aarch64 +apparmor-parser-3.0.4-1.cm2.aarch64 +fuse3-libs-3.10.5-2.cm2.aarch64 +fuse-common-3.10.5-2.cm2.aarch64 +fuse3-3.10.5-2.cm2.aarch64 +blobfuse2-2.0.5-1.cm2.aarch64 +libnftnl-1.2.1-1.cm2.aarch64 +jansson-2.14-1.cm2.aarch64 +nftables-1.0.1-1.cm2.aarch64 +moby-runc-1.1.5-2.cm2.aarch64 +moby-containerd-1.6.18-5.cm2.aarch64 +llvm-12.0.1-7.cm2.aarch64 +binutils-devel-2.37-5.cm2.aarch64 +binutils-2.37-5.cm2.aarch64 +compiler-rt-12.0.1-1.cm2.aarch64 +clang-libs-12.0.1-4.cm2.aarch64 +bcc-0.27.0-1.cm2.aarch64 +clang-12.0.1-4.cm2.aarch64 +libbpf-1.0.1-1.cm2.aarch64 +bpftrace-0.16.0-1.cm2.aarch64 +python3-bcc-0.27.0-1.cm2.aarch64 +bcc-tools-0.27.0-1.cm2.aarch64 +bcc-examples-0.27.0-1.cm2.aarch64 +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +devtmpfs 4.0M 0 4.0M 0% /dev +tmpfs 7.7G 0 7.7G 0% /dev/shm +tmpfs 3.1G 8.7M 3.1G 1% /run +tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup +/dev/sda3 29G 18G 11G 63% / +tmpfs 7.7G 4.0K 7.7G 1% /tmp +/dev/sda2 459M 61M 369M 15% /boot +/dev/sda1 64M 2.3M 62M 4% /boot/efi +/dev/sdb1 147G 32K 140G 1% /mnt +tmpfs 1.6G 0 1.6G 0% /run/user/1000 +Using kernel: +Linux version 5.15.125.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Fri Aug 11 12:11:03 UTC 2023 +Install completed successfully on Tue Aug 22 16:46:59 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: false +=== 
os-release Begin +NAME="Common Base Linux Mariner" +VERSION="2.0.20230811" +ID=mariner +VERSION_ID="2.0" +PRETTY_NAME="CBL-Mariner/Linux" +ANSI_COLOR="1;34" +HOME_URL="https://aka.ms/cbl-mariner" +BUG_REPORT_URL="https://aka.ms/cbl-mariner" +SUPPORT_URL="https://aka.ms/cbl-mariner" +=== os-release End diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-image-list.json index 98d9fda2378..3531aa2b594 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "V2gen2arm64", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:029e28acfa0a78d29a9be5f20a060c87a74ec8523f525522acb9411121866b3b", @@ -354,15 +354,6 @@ "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" ] }, - { - "id": "sha256:7088c136b71b7d895d89ae1f8fc0c9e42a0848bfb0deddbd07b17027ca26da2a", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:712be482d236ed8355d289dd28c1741f7056eb85277340a8e5e98c1f6be759b6", "repoTags": [ 
@@ -408,6 +399,24 @@ "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" ] }, + { + "id": "sha256:783c2028c9db5963e5d95b3dda2a57b75c2b82ed52012c38c5bf38086f3a207e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:790c4e91f08b87b1d29a7c24131803470e6fc13158247bc8f537c4a54ccd19f1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:7967ff637bc02782a265da08a9b2fa25ed9260f5afe22fcef22114265c28bad7", "repoTags": [ @@ -471,6 +480,15 @@ "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" ] }, + { + "id": "sha256:95415170ecc2b475736e4d24d760ba081970b09974f76370061d4de3f28428d5", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:97224bdbb8d620086c3a7b353cb50f036b47241daeb459449761a33e9964ce3a", "repoTags": [ 
@@ -490,30 +508,30 @@ ] }, { - "id": "sha256:9b2c961742d72d17baca025c7de50a8ef7cbabcf89d713741c4278b5d515ef28", + "id": "sha256:9ad6073e60874426ff782d3294e32ad3c1576fd7ecf277de03bf6cec835ea6dc", "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" ], "repoDigests": [ - "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" ] }, { - "id": "sha256:9e3aa067aebba2ba9848865d3c407a5bb141865310a65f2021087a9a3aa64dda", + "id": "sha256:9b2c961742d72d17baca025c7de50a8ef7cbabcf89d713741c4278b5d515ef28", "repoTags": [ - "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" ], "repoDigests": [ - "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" ] }, { - "id": "sha256:a1ded08b449f78cddc547b740eaabc1cd8eb70dcf19211cc6cfccb23c0e2cec1", + "id": "sha256:9e3aa067aebba2ba9848865d3c407a5bb141865310a65f2021087a9a3aa64dda", "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" ], "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" ] }, { @@ -696,15 +714,6 @@ "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" ] }, - { - "id": "sha256:c7ddf09993fce7d508c8cd83a4d0d1114aa75cb601006642e5a7bc746579ce16", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:c7df0e05d6c807082980d57dbd2cfc59d8bde3e58f8e86a350125177dd700877", "repoTags": [ 
diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-trivy-images-table.txt index 030c20a20c7..fe6f0ec0167 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-trivy-report.json index cc55ea0231b..1151f1f416a 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest-trivy-report.json @@ -1,11 +1,11 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmkcu0i0ymtn", + "ArtifactName": "pkrvm7pvjk5lnbi", "ArtifactType": "filesystem", "Metadata": { "OS": { "Family": "cbl-mariner", - "Name": "2.0.20230805" + "Name": "2.0.20230811" }, "ImageConfig": { "architecture": "", @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmkcu0i0ymtn (cbl-mariner 2.0.20230805)", + "Target": "pkrvm7pvjk5lnbi (cbl-mariner 2.0.20230811)", "Class": "os-pkgs", "Type": "cbl-mariner" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest.txt index 21198f58ed5..8f554cb6eab 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2arm64/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:09:15 UTC 2023 +Starting build on Tue Aug 22 16:27:01 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -129,15 +130,15 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 43581440 Jun 19 17:04 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 117384832 Jun 19 17:05 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 46465024 Jun 19 17:05 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:09 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:09 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 33595200 Aug 16 17:11 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 44976688 Aug 16 17:11 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 43353240 Aug 16 17:14 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 49910128 Aug 16 17:14 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 51531936 Aug 16 17:16 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 57806112 Aug 16 17:16 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 38155688 Aug 16 17:16 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-r-xr--r-- 1 root root 2462 Aug 22 16:27 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:27 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 33595200 Aug 22 16:29 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 44976688 Aug 22 16:29 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 43353240 Aug 22 16:32 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 49910128 Aug 22 16:32 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 51531936 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 57806112 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 38155688 Aug 22 16:34 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 === Installed Packages Begin filesystem-1.1-15.cm2.aarch64 glibc-2.35-4.cm2.aarch64 
@@ -159,8 +160,8 @@ bash-5.1.8-3.cm2.aarch64 libsepol-3.2-2.cm2.aarch64 xz-5.2.5-1.cm2.aarch64 kmod-29-1.cm2.aarch64 -kernel-5.15.122.1-2.cm2.aarch64 -mariner-release-2.0-46.cm2.noarch +kernel-5.15.125.1-2.cm2.aarch64 +mariner-release-2.0-48.cm2.noarch shim-unsigned-15.4-2.cm2.aarch64 grub2-efi-binary-2.06-10.cm2.aarch64 popt-1.18-1.cm2.aarch64 @@ -263,9 +264,9 @@ bind-libs-9.16.33-2.cm2.aarch64 bind-utils-9.16.33-2.cm2.aarch64 chrony-4.1-2.cm2.aarch64 nghttp2-1.46.0-3.cm2.aarch64 -curl-libs-8.0.1-2.cm2.aarch64 +curl-libs-8.2.1-1.cm2.aarch64 tdnf-3.5.2-2.cm2.aarch64 -curl-8.0.1-2.cm2.aarch64 +curl-8.2.1-1.cm2.aarch64 libdb-5.3.28-7.cm2.aarch64 cyrus-sasl-lib-2.1.28-4.cm2.aarch64 openldap-2.4.57-8.cm2.aarch64 @@ -330,7 +331,7 @@ python3-jsonpointer-2.2-1.cm2.noarch python3-jsonpatch-1.32-1.cm2.noarch python3-wcwidth-0.2.5-1.cm2.noarch python3-prettytable-3.2.0-2.cm2.noarch -python3-certifi-2022.12.07-1.cm2.noarch +python3-certifi-2023.05.07-1.cm2.noarch python3-charset-normalizer-2.0.11-2.cm2.noarch python3-urllib3-1.26.9-1.cm2.noarch python3-asn1crypto-1.5.1-1.cm2.noarch @@ -351,11 +352,11 @@ cloud-utils-growpart-0.32-3.cm2.noarch grub2-2.06-10.cm2.aarch64 installkernel-1.0.0-2.cm2.noarch grubby-8.40-45.cm2.aarch64 -hyperv-daemons-license-5.15.122.1-1.cm2.noarch -hypervvssd-5.15.122.1-1.cm2.aarch64 -hypervkvpd-5.15.122.1-1.cm2.aarch64 -hypervfcopyd-5.15.122.1-1.cm2.aarch64 -hyperv-daemons-5.15.122.1-1.cm2.aarch64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +hypervvssd-5.15.125.1-1.cm2.aarch64 +hypervkvpd-5.15.125.1-1.cm2.aarch64 +hypervfcopyd-5.15.125.1-1.cm2.aarch64 +hyperv-daemons-5.15.125.1-1.cm2.aarch64 lzo-2.10-4.cm2.aarch64 squashfs-tools-4.5.1-1.cm2.aarch64 ethtool-5.16-1.cm2.aarch64 
@@ -620,7 +621,7 @@ iotop-0.6-10.cm2.noarch ipset-7.15-1.cm2.aarch64 oniguruma-6.9.7.1-1.cm2.aarch64 jq-1.6-1.cm2.aarch64 -kernel-devel-5.15.122.1-2.cm2.aarch64 +kernel-devel-5.15.125.1-2.cm2.aarch64 libtirpc-1.3.3-1.cm2.aarch64 lsof-4.94.0-1.cm2.aarch64 libpcap-1.10.1-1.cm2.aarch64 @@ -672,11 +673,11 @@ tmpfs 7.7G 4.0K 7.7G 1% /tmp /dev/sdb1 147G 32K 140G 1% /mnt tmpfs 1.6G 0 1.6G 0% /run/user/1000 Using kernel: -Linux version 5.15.122.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Sat Aug 5 05:01:27 UTC 2023 -Install completed successfully on Wed Aug 16 17:28:19 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Linux version 5.15.125.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Fri Aug 11 12:11:03 UTC 2023 +Install completed successfully on Tue Aug 22 16:46:59 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: Hyperv generation: V2 Feature flags: None @@ -684,7 +685,7 @@ Container runtime: containerd FIPS enabled: false === os-release Begin NAME="Common Base Linux Mariner" -VERSION="2.0.20230805" +VERSION="2.0.20230811" ID=mariner VERSION_ID="2.0" PRETTY_NAME="CBL-Mariner/Linux" diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0-image-list.json new file mode 100644 index 00000000000..2ce9819c0b1 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0-image-list.json 
@@ -0,0 +1,817 @@ +{ + "sku": "V2gen2fips", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + 
"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..fe6f0ec0167 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2003 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator 
(gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0-trivy-report.json new file mode 100644 index 00000000000..9eac466ed07 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0-trivy-report.json 
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmv6v3ngiaad", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "cbl-mariner", + "Name": "2.0.20230811" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmv6v3ngiaad (cbl-mariner 2.0.20230811)", + "Class": "os-pkgs", + "Type": "cbl-mariner" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0.txt new file mode 100644 index 00000000000..20950c7413a --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/202308.22.0.txt 
@@ -0,0 +1,702 @@ +Starting build on Tue Aug 22 16:25:02 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.5 + - bpftrace v0.16.0 + - nvidia-driver=-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + 
- mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + 
- mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 
/usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:28 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:28 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:33 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:33 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:33 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +=== Installed Packages Begin +filesystem-1.1-15.cm2.x86_64 +glibc-2.35-4.cm2.x86_64 +libgcc-11.2.0-4.cm2.x86_64 +pcre-libs-8.45-2.cm2.x86_64 +libstdc++-11.2.0-4.cm2.x86_64 +zlib-1.2.13-1.cm2.x86_64 +xz-libs-5.2.5-1.cm2.x86_64 +ncurses-libs-6.4-1.cm2.x86_64 +readline-8.1-1.cm2.x86_64 +libcap-2.60-2.cm2.x86_64 +bzip2-libs-1.0.8-1.cm2.x86_64 +pcre-8.45-2.cm2.x86_64 +gmp-6.2.1-3.cm2.x86_64 +libselinux-3.2-1.cm2.x86_64 +coreutils-8.32-6.cm2.x86_64 +grep-3.7-2.cm2.x86_64 +bash-5.1.8-3.cm2.x86_64 +libsepol-3.2-2.cm2.x86_64 +xz-5.2.5-1.cm2.x86_64 +kmod-29-1.cm2.x86_64 +kernel-5.15.125.1-2.cm2.x86_64 +mariner-release-2.0-48.cm2.noarch +shim-15.4-2.cm2.x86_64 +grub2-efi-binary-2.06-10.cm2.x86_64 +popt-1.18-1.cm2.x86_64 +slang-2.3.2-4.cm2.x86_64 +newt-0.52.21-4.cm2.x86_64 +chkconfig-1.20-3.cm2.x86_64 +ca-certificates-shared-2.0.0-13.cm2.noarch 
+libffi-3.4.2-2.cm2.x86_64 +p11-kit-0.24.1-1.cm2.x86_64 +libtasn1-4.19.0-1.cm2.x86_64 +p11-kit-trust-0.24.1-1.cm2.x86_64 +ca-certificates-tools-2.0.0-13.cm2.noarch +ca-certificates-2.0.0-13.cm2.noarch +util-linux-libs-2.37.4-6.cm2.x86_64 +libgpg-error-1.46-1.cm2.x86_64 +openssl-libs-1.1.1k-24.cm2.x86_64 +libgcrypt-1.9.4-1.cm2.x86_64 +glib-2.71.0-1.cm2.x86_64 +lz4-1.9.3-1.cm2.x86_64 +systemd-rpm-macros-250.3-17.cm2.noarch +libcap-ng-0.8.2-2.cm2.x86_64 +audit-libs-3.0.6-7.cm2.x86_64 +json-c-0.15-1.cm2.x86_64 +cracklib-2.9.7-5.cm2.x86_64 +cracklib-dicts-2.9.7-5.cm2.x86_64 +pam-1.5.1-5.cm2.x86_64 +cryptsetup-libs-2.4.3-3.cm2.x86_64 +systemd-250.3-17.cm2.x86_64 +device-mapper-libs-2.03.15-2.cm2.x86_64 +cronie-1.5.7-2.cm2.x86_64 +cronie-anacron-1.5.7-2.cm2.x86_64 +logrotate-3.20.1-1.cm2.x86_64 +openssl-1.1.1k-24.cm2.x86_64 +sqlite-libs-3.39.2-2.cm2.x86_64 +expat-libs-2.5.0-1.cm2.x86_64 +zstd-libs-1.5.0-1.cm2.x86_64 +elfutils-libelf-0.186-1.cm2.x86_64 +e2fsprogs-libs-1.46.5-3.cm2.x86_64 +krb5-1.19.4-1.cm2.x86_64 +libassuan-2.5.5-2.cm2.x86_64 +expat-2.5.0-1.cm2.x86_64 +libssh2-1.9.0-2.cm2.x86_64 +iana-etc-20211115-2.cm2.noarch +libpwquality-1.4.4-1.cm2.x86_64 +file-libs-5.40-2.cm2.x86_64 +device-mapper-2.03.15-2.cm2.x86_64 +device-mapper-event-libs-2.03.15-2.cm2.x86_64 +ncurses-6.4-1.cm2.x86_64 +lmdb-libs-0.9.29-1.cm2.x86_64 +lua-libs-5.4.4-1.cm2.x86_64 +rpm-libs-4.18.0-3.cm2.x86_64 +libsolv-0.7.24-1.cm2.x86_64 +libedit-3.1.20210910-1.cm2.x86_64 +procps-ng-3.3.17-1.cm2.x86_64 +device-mapper-event-2.03.15-2.cm2.x86_64 +util-linux-2.37.4-6.cm2.x86_64 +file-5.40-2.cm2.x86_64 +cryptsetup-2.4.3-3.cm2.x86_64 +iptables-1.8.7-3.cm2.x86_64 +dbus-1.15.2-3.cm2.x86_64 +pinentry-1.2.0-1.cm2.x86_64 +openssh-clients-8.9p1-1.cm2.x86_64 +e2fsprogs-1.46.5-3.cm2.x86_64 +libarchive-3.6.1-2.cm2.x86_64 +rpm-4.18.0-3.cm2.x86_64 +bc-1.07.1-4.cm2.x86_64 +bridge-utils-1.7.1-1.cm2.x86_64 +cpio-2.13-4.cm2.x86_64 +gdbm-1.21-1.cm2.x86_64 +iputils-20211215-1.cm2.x86_64 +irqbalance-1.8.0-2.cm2.x86_64 
+libtool-2.4.6-8.cm2.x86_64 +mariner-rpm-macros-2.0-23.cm2.noarch +net-tools-2.10-2.cm2.x86_64 +tar-1.34-1.cm2.x86_64 +tzdata-2023c-1.cm2.noarch +which-2.21-8.cm2.x86_64 +libseccomp-2.5.3-1.cm2.x86_64 +nettle-3.7.3-2.cm2.x86_64 +bzip2-1.0.8-1.cm2.x86_64 +ca-certificates-base-2.0.0-13.cm2.noarch +findutils-4.8.0-4.cm2.x86_64 +gzip-1.12-1.cm2.x86_64 +sed-4.8-2.cm2.x86_64 +libmnl-1.0.4-6.cm2.x86_64 +iproute-5.15.0-2.cm2.x86_64 +libaio-0.3.112-4.cm2.x86_64 +lvm2-2.03.15-2.cm2.x86_64 +pkgconf-m4-1.8.0-3.cm2.noarch +libsemanage-3.2-2.cm2.x86_64 +shadow-utils-4.9-12.cm2.x86_64 +tdnf-cli-libs-3.5.2-2.cm2.x86_64 +libpkgconf-1.8.0-3.cm2.x86_64 +pkgconf-1.8.0-3.cm2.x86_64 +pkgconf-pkg-config-1.8.0-3.cm2.x86_64 +bind-license-9.16.33-2.cm2.noarch +libuv-1.43.0-1.cm2.x86_64 +libxml2-2.10.4-1.cm2.x86_64 +bind-libs-9.16.33-2.cm2.x86_64 +bind-utils-9.16.33-2.cm2.x86_64 +chrony-4.1-2.cm2.x86_64 +nghttp2-1.46.0-3.cm2.x86_64 +curl-libs-8.2.1-1.cm2.x86_64 +tdnf-3.5.2-2.cm2.x86_64 +curl-8.2.1-1.cm2.x86_64 +libdb-5.3.28-7.cm2.x86_64 +cyrus-sasl-lib-2.1.28-4.cm2.x86_64 +openldap-2.4.57-8.cm2.x86_64 +sudo-1.9.13p3-2.cm2.x86_64 +libksba-1.6.3-1.cm2.x86_64 +npth-1.6-4.cm2.x86_64 +gnupg2-2.4.0-2.cm2.x86_64 +gpgme-1.16.0-1.cm2.x86_64 +mariner-repos-shared-2.0-8.cm2.noarch +mariner-repos-microsoft-2.0-8.cm2.noarch +mariner-repos-extras-2.0-8.cm2.noarch +mariner-repos-2.0-8.cm2.noarch +tdnf-plugin-repogpgcheck-3.5.2-2.cm2.x86_64 +core-packages-container-2.0-8.cm2.x86_64 +core-packages-base-image-2.0-8.cm2.x86_64 +dracut-055-5.cm2.x86_64 +initramfs-2.0-13.cm2.x86_64 +python3-3.9.14-6.cm2.x86_64 +python3-libs-3.9.14-6.cm2.x86_64 +zchunk-libs-1.1.16-2.cm2.x86_64 +zchunk-1.1.16-2.cm2.x86_64 +librepo-1.15.1-1.cm2.x86_64 +python3-curses-3.9.14-6.cm2.x86_64 +python3-gpg-1.16.0-1.cm2.x86_64 +dnf-data-4.8.0-2.cm2.noarch +libcomps-0.1.18-1.cm2.x86_64 +python3-libcomps-0.1.18-1.cm2.x86_64 +elfutils-default-yama-scope-0.186-1.cm2.noarch +libgomp-11.2.0-4.cm2.x86_64 +popt-devel-1.18-1.cm2.x86_64 
+libyaml-0.2.5-3.cm2.x86_64 +libmodulemd-2.13.0-2.cm2.x86_64 +libdnf-0.63.1-1.cm2.x86_64 +python3-libdnf-0.63.1-1.cm2.x86_64 +python3-hawkey-0.63.1-1.cm2.x86_64 +elfutils-libelf-devel-0.186-1.cm2.x86_64 +xz-devel-5.2.5-1.cm2.x86_64 +zlib-devel-1.2.13-1.cm2.x86_64 +zstd-1.5.0-1.cm2.x86_64 +zstd-devel-1.5.0-1.cm2.x86_64 +elfutils-0.186-1.cm2.x86_64 +elfutils-devel-0.186-1.cm2.x86_64 +rpm-build-libs-4.18.0-3.cm2.x86_64 +rpm-devel-4.18.0-3.cm2.x86_64 +python3-rpm-4.18.0-3.cm2.x86_64 +python3-dnf-4.8.0-2.cm2.noarch +dnf-4.8.0-2.cm2.noarch +wget-1.21.2-1.cm2.x86_64 +python3-six-1.16.0-2.cm2.noarch +python3-markupsafe-2.1.0-1.cm2.x86_64 +python3-idna-3.3-1.cm2.noarch +python3-jinja2-3.0.3-2.cm2.noarch +python3-configobj-5.0.6-7.cm2.noarch +PyYAML-3.13-8.cm2.x86_64 +python3-jsonschema-2.6.0-6.cm2.noarch +python3-netifaces-0.11.0-1.cm2.x86_64 +python3-oauthlib-2.1.0-7.cm2.noarch +python3-setuptools-3.9.14-6.cm2.noarch +dhcp-libs-4.4.2-5.cm2.x86_64 +dhcp-client-4.4.2-5.cm2.x86_64 +python3-jsonpointer-2.2-1.cm2.noarch +python3-jsonpatch-1.32-1.cm2.noarch +python3-wcwidth-0.2.5-1.cm2.noarch +python3-prettytable-3.2.0-2.cm2.noarch +python3-certifi-2023.05.07-1.cm2.noarch +python3-charset-normalizer-2.0.11-2.cm2.noarch +python3-urllib3-1.26.9-1.cm2.noarch +python3-asn1crypto-1.5.1-1.cm2.noarch +python3-pyasn1-0.4.8-1.cm2.noarch +python3-pycparser-2.21-1.cm2.noarch +python3-cffi-1.15.0-2.cm2.x86_64 +python3-pyparsing-3.0.7-1.cm2.noarch +python3-packaging-21.3-1.cm2.noarch +python3-cryptography-3.3.2-4.cm2.x86_64 +python3-pyOpenSSL-18.0.0-8.cm2.noarch +python3-requests-2.27.1-6.cm2.noarch +cloud-init-23.2-1.cm2.noarch +cloud-init-azure-kvp-23.2-1.cm2.noarch +gptfdisk-1.0.8-1.cm2.x86_64 +mpfr-4.1.0-1.cm2.x86_64 +gawk-5.1.0-2.cm2.x86_64 +cloud-utils-growpart-0.32-3.cm2.noarch +grub2-2.06-10.cm2.x86_64 +installkernel-1.0.0-2.cm2.noarch +grubby-8.40-45.cm2.x86_64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +hypervvssd-5.15.125.1-1.cm2.x86_64 +hypervkvpd-5.15.125.1-1.cm2.x86_64 
+hypervfcopyd-5.15.125.1-1.cm2.x86_64 +hyperv-daemons-5.15.125.1-1.cm2.x86_64 +lzo-2.10-4.cm2.x86_64 +squashfs-tools-4.5.1-1.cm2.x86_64 +ethtool-5.16-1.cm2.x86_64 +snappy-1.1.9-2.cm2.x86_64 +kexec-tools-2.0.23-2.cm2.x86_64 +libnl3-3.5.0-3.cm2.x86_64 +wpa_supplicant-2.10-1.cm2.x86_64 +netplan-0.95-1.cm2.x86_64 +ncurses-term-6.4-1.cm2.x86_64 +openssh-server-8.9p1-1.cm2.x86_64 +libestr-0.1.11-1.cm2.x86_64 +libfastjson-0.99.9-1.cm2.x86_64 +gc-8.0.0-4.cm2.x86_64 +libmpc-1.2.1-1.cm2.x86_64 +libstdc++-devel-11.2.0-4.cm2.x86_64 +liblognorm-2.0.6-2.cm2.x86_64 +postgresql-libs-14.8-1.cm2.x86_64 +autogen-libopts-5.18.16-8.cm2.x86_64 +cyrus-sasl-2.1.28-4.cm2.x86_64 +librdkafka1-1.8.2-1.cm2.x86_64 +glibc-iconv-2.35-4.cm2.x86_64 +libltdl-2.4.6-8.cm2.x86_64 +libunistring-0.9.10-5.cm2.x86_64 +guile-2.0.14-4.cm2.x86_64 +gnutls-3.7.7-2.cm2.x86_64 +librelp-1.10.0-1.cm2.x86_64 +make-4.3-2.cm2.x86_64 +libgcc-atomic-11.2.0-4.cm2.x86_64 +libgcc-devel-11.2.0-4.cm2.x86_64 +libgomp-devel-11.2.0-4.cm2.x86_64 +gcc-c++-11.2.0-4.cm2.x86_64 +gcc-11.2.0-4.cm2.x86_64 +perl-vmsish-1.04-488.cm2.noarch +perl-version-0.99.28-488.cm2.noarch +perl-subs-1.04-488.cm2.noarch +perl-ph-5.34.1-488.cm2.x86_64 +perl-perlfaq-5.20210411-488.cm2.noarch +perl-parent-0.238-488.cm2.noarch +perl-mro-1.25-488.cm2.x86_64 +perl-meta-notation-5.34.1-488.cm2.noarch +perl-less-0.03-488.cm2.noarch +perl-if-0.60.900-488.cm2.noarch +perl-filetest-1.03-488.cm2.noarch +perl-ExtUtils-MM-Utils-7.44-488.cm2.noarch +perl-Devel-PPPort-3.62-488.cm2.x86_64 +perl-vars-1.05-488.cm2.noarch +perl-sort-2.04-488.cm2.noarch +perl-overloading-0.02-488.cm2.noarch +perl-lib-0.65-488.cm2.x86_64 +perl-experimental-0.024-488.cm2.noarch +perl-encoding-warnings-0.13-488.cm2.noarch +perl-deprecate-0.04-488.cm2.noarch +perl-constant-1.33-488.cm2.noarch +perl-base-2.27-488.cm2.noarch +perl-autouse-1.11-488.cm2.noarch +perl-Tie-Memoize-1.1-488.cm2.noarch +perl-Env-1.05-488.cm2.noarch +perl-Tie-4.6-488.cm2.noarch +perl-Term-ReadLine-1.17-488.cm2.noarch 
+perl-Term-Cap-1.17-488.cm2.noarch +perl-Module-Loaded-0.08-488.cm2.noarch +perl-CPAN-Meta-Requirements-2.140-488.cm2.noarch +perl-AutoLoader-5.74-488.cm2.noarch +perl-Attribute-Handlers-1.01-488.cm2.noarch +perl-Unicode-Normalize-1.28-488.cm2.x86_64 +perl-Time-Local-1.300-488.cm2.noarch +perl-Time-HiRes-1.9767-488.cm2.x86_64 +perl-Text-Tabs+Wrap-2013.0523-488.cm2.noarch +perl-File-DosGlob-1.12-488.cm2.x86_64 +perl-Text-ParseWords-3.30-488.cm2.noarch +perl-Text-Abbrev-1.02-488.cm2.noarch +perl-Term-Complete-1.403-488.cm2.noarch +perl-Term-ANSIColor-5.01-488.cm2.noarch +perl-sigtrap-1.09-488.cm2.noarch +perl-SelectSaver-1.02-488.cm2.noarch +perl-DirHandle-1.05-488.cm2.noarch +perl-Symbol-1.09-488.cm2.noarch +perl-Socket-2.031-488.cm2.x86_64 +perl-Search-Dict-1.07-488.cm2.noarch +perl-threads-shared-1.62-488.cm2.x86_64 +perl-Thread-3.05-488.cm2.noarch +perl-threads-2.26-488.cm2.x86_64 +perl-Text-Balanced-2.04-488.cm2.noarch +perl-NEXT-0.68-488.cm2.noarch +perl-overload-1.33-488.cm2.noarch +perl-Time-Piece-1.3401-488.cm2.x86_64 +perl-Tie-RefHash-1.40-488.cm2.noarch +perl-Thread-Semaphore-2.13-488.cm2.noarch +perl-Thread-Queue-3.14-488.cm2.noarch +perl-Module-CoreList-5.20220313-488.cm2.noarch +perl-Scalar-List-Utils-1.55-488.cm2.x86_64 +perl-Pod-Functions-1.13-488.cm2.noarch +perl-Pod-Escapes-1.07-488.cm2.noarch +perl-Perl-OSType-1.010-488.cm2.noarch +perl-Opcode-1.50-488.cm2.x86_64 +perl-Math-Complex-1.59-488.cm2.noarch +perl-bignum-0.51-488.cm2.noarch +perl-Math-BigRat-0.2614-488.cm2.noarch +perl-Math-BigInt-FastCalc-0.500.900-488.cm2.x86_64 +perl-Math-BigInt-1.9998.18-488.cm2.noarch +perl-PerlIO-via-QuotedPrint-0.09-488.cm2.noarch +perl-MIME-Base64-3.16-488.cm2.x86_64 +perl-I18N-Langinfo-0.19-488.cm2.x86_64 +perl-Params-Check-0.38-488.cm2.noarch +perl-Locale-Maketext-Simple-0.21-488.cm2.noarch +perl-Locale-Maketext-1.29-488.cm2.noarch +perl-I18N-LangTags-0.45-488.cm2.noarch +perl-Hash-Util-FieldHash-1.21-488.cm2.x86_64 +perl-fields-2.27-488.cm2.noarch 
+perl-Hash-Util-0.25-488.cm2.x86_64 +perl-Getopt-Std-1.13-488.cm2.noarch +perl-Filter-Simple-0.96-488.cm2.noarch +perl-Filter-1.59-488.cm2.x86_64 +perl-FileCache-1.10-488.cm2.noarch +perl-File-Compare-1.100.600-488.cm2.noarch +perl-File-Basename-2.85-488.cm2.noarch +perl-locale-1.10-488.cm2.noarch +perl-Tie-File-1.06-488.cm2.noarch +perl-Sys-Syslog-0.36-488.cm2.x86_64 +perl-Sys-Hostname-1.23-488.cm2.x86_64 +perl-I18N-Collate-1.02-488.cm2.noarch +perl-POSIX-1.97-488.cm2.x86_64 +perl-Fcntl-1.14-488.cm2.x86_64 +perl-Errno-1.33-488.cm2.x86_64 +perl-English-1.11-488.cm2.noarch +perl-Digest-MD5-2.58-488.cm2.x86_64 +perl-Digest-1.19-488.cm2.noarch +perl-Dumpvalue-2.27-488.cm2.noarch +perl-Devel-Peek-1.30-488.cm2.x86_64 +perl-Config-Perl-V-0.33-488.cm2.noarch +perl-Config-Extensions-0.03-488.cm2.noarch +perl-Compress-Raw-Zlib-2.101-488.cm2.x86_64 +perl-User-pwent-1.03-488.cm2.noarch +perl-Time-1.03-488.cm2.noarch +perl-Net-1.02-488.cm2.noarch +perl-File-stat-1.09-488.cm2.noarch +perl-Class-Struct-0.66-488.cm2.noarch +perl-Benchmark-1.23-488.cm2.noarch +perl-autodie-2.34-488.cm2.noarch +perl-Safe-2.43-488.cm2.noarch +perl-ExtUtils-Constant-0.25-488.cm2.noarch +perl-Data-Dumper-2.179-488.cm2.x86_64 +perl-CPAN-Meta-YAML-0.018-488.cm2.noarch +perl-B-1.82-488.cm2.x86_64 +perl-blib-1.07-488.cm2.noarch +perl-Unicode-Collate-1.29-488.cm2.x86_64 +perl-Module-Load-0.36-488.cm2.noarch +perl-Unicode-UCD-0.75-488.cm2.noarch +perl-Memoize-1.03-488.cm2.noarch +perl-Storable-3.23-488.cm2.x86_64 +perl-SelfLoader-1.26-488.cm2.noarch +perl-IPC-Open3-1.21-488.cm2.noarch +perl-IO-Socket-IP-0.41-488.cm2.noarch +perl-HTTP-Tiny-0.076-488.cm2.noarch +perl-libnet-3.13-488.cm2.noarch +perl-Net-Ping-2.74-488.cm2.noarch +perl-FileHandle-2.03-488.cm2.noarch +perl-IO-1.46-488.cm2.x86_64 +perl-FindBin-1.52-488.cm2.noarch +perl-debugger-1.60-488.cm2.noarch +perl-Test-Simple-1.302183-488.cm2.noarch +perl-Test-1.31-488.cm2.noarch +perl-Compress-Raw-Bzip2-2.101-488.cm2.x86_64 
+perl-File-Temp-0.231.100-488.cm2.noarch +perl-File-Path-2.18-488.cm2.noarch +perl-IPC-Cmd-1.04-488.cm2.noarch +perl-Module-Load-Conditional-0.74-488.cm2.noarch +perl-Module-Metadata-1.000037-488.cm2.noarch +perl-ExtUtils-Command-7.62-488.cm2.noarch +perl-File-Find-1.39-488.cm2.noarch +perl-File-Fetch-1.00-488.cm2.noarch +perl-File-Copy-2.35-488.cm2.noarch +perl-ExtUtils-Manifest-1.73-488.cm2.noarch +perl-Devel-SelfStubber-1.06-488.cm2.noarch +perl-AutoSplit-5.74-488.cm2.noarch +perl-open-1.12-488.cm2.noarch +perl-encoding-3.00-488.cm2.x86_64 +perl-utils-5.34.1-488.cm2.noarch +perl-diagnostics-1.37-488.cm2.noarch +perl-Test-Harness-3.43-488.cm2.noarch +perl-podlators-4.14-488.cm2.noarch +perl-Pod-Simple-3.42-488.cm2.noarch +perl-Pod-Html-1.27-488.cm2.noarch +perl-Pod-Checker-1.74-488.cm2.noarch +perl-Module-CoreList-tools-5.20220313-488.cm2.noarch +perl-ExtUtils-ParseXS-3.43-488.cm2.noarch +perl-Digest-SHA-6.02-488.cm2.x86_64 +perl-Getopt-Long-2.52-488.cm2.noarch +perl-Pod-Usage-2.01-488.cm2.noarch +perl-JSON-PP-4.06-488.cm2.noarch +perl-IO-Zlib-1.11-488.cm2.noarch +perl-Archive-Tar-2.38-488.cm2.noarch +perl-IO-Compress-2.102-488.cm2.noarch +perl-DBM_Filter-0.06-488.cm2.noarch +perl-CPAN-Meta-2.150010-488.cm2.noarch +perl-IPC-SysV-2.09-488.cm2.x86_64 +perl-libnetcfg-5.34.1-488.cm2.noarch +perl-ExtUtils-Miniperl-1.10-488.cm2.noarch +perl-ExtUtils-Embed-1.35-488.cm2.noarch +perl-Encode-devel-3.08-488.cm2.noarch +perl-devel-5.34.1-488.cm2.x86_64 +perl-ExtUtils-Install-2.20-488.cm2.noarch +perl-CPAN-2.28-488.cm2.noarch +perl-ExtUtils-MakeMaker-7.62-488.cm2.noarch +perl-ExtUtils-CBuilder-0.280236-488.cm2.noarch +perl-ODBM_File-1.17-488.cm2.x86_64 +perl-NDBM_File-1.15-488.cm2.x86_64 +perl-GDBM_File-1.19-488.cm2.x86_64 +perl-PathTools-3.80-488.cm2.x86_64 +perl-Exporter-5.76-488.cm2.noarch +perl-Pod-Perldoc-3.28.01-488.cm2.noarch +perl-Encode-3.08-488.cm2.x86_64 +perl-DynaLoader-1.50-488.cm2.x86_64 +perl-Carp-1.52-488.cm2.noarch +perl-5.34.1-488.cm2.x86_64 
+perl-libs-5.34.1-488.cm2.x86_64 +perl-doc-5.34.1-488.cm2.noarch +perl-macros-5.34.1-488.cm2.noarch +perl-interpreter-5.34.1-488.cm2.x86_64 +net-snmp-libs-5.9.1-2.cm2.x86_64 +rsyslog-8.2204.1-3.cm2.x86_64 +sgx-backwards-compatability-1.0.0-1.cm2.x86_64 +openssh-8.9p1-1.cm2.x86_64 +python3-distro-1.6.0-2.cm2.noarch +WALinuxAgent-2.3.1.1-3.cm2.noarch +iw-5.9-1.cm2.x86_64 +wireless-regdb-2022.08.12-1.cm2.noarch +gpg-pubkey-3135ce90-5e6fda74 +gpg-pubkey-be1229cf-5631588c +inotify-tools-3.22.1.0-1.cm2.x86_64 +nspr-4.30-2.cm2.x86_64 +nss-libs-3.75-2.cm2.x86_64 +nss-3.75-2.cm2.x86_64 +libkcapi-1.3.1-2.cm2.x86_64 +libkcapi-hmaccalc-1.3.1-2.cm2.x86_64 +dracut-fips-055-5.cm2.x86_64 +fuse-2.9.7-10.cm2.x86_64 +boost-1.76.0-3.cm2.x86_64 +blobfuse-1.4.5-10.cm2.x86_64 +python3-dbus-1.2.16-3.cm2.x86_64 +python3-dateutil-2.7.3-5.cm2.noarch +python3-dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-utils-4.0.24-3.cm2.noarch +check-restart-1.0.0-2.cm2.x86_64 +keyutils-1.6.1-1.cm2.x86_64 +cifs-utils-6.14-2.cm2.x86_64 +libnfnetlink-1.0.1-5.cm2.x86_64 +libnetfilter_conntrack-1.0.8-1.cm2.x86_64 +libnetfilter_queue-1.0.5-1.cm2.x86_64 +libnetfilter_cttimeout-1.0.0-5.cm2.x86_64 +libnetfilter_cthelper-1.0.0-5.cm2.x86_64 +conntrack-tools-1.4.5-7.cm2.x86_64 +dnf-automatic-4.8.0-2.cm2.noarch +ebtables-legacy-2.0.11-6.cm2.x86_64 +apr-1.7.2-1.cm2.x86_64 +apr-util-1.6.3-1.cm2.x86_64 +utf8proc-2.6.1-2.cm2.x86_64 +libserf-1.3.9-8.cm2.x86_64 +subversion-1.14.2-1.cm2.x86_64 +subversion-perl-1.14.2-1.cm2.x86_64 +perl-YAML-1.30-2.cm2.noarch +perl-DBI-1.643-2.cm2.x86_64 +perl-CGI-4.54-3.cm2.noarch +less-590-2.cm2.x86_64 +git-2.33.8-1.cm2.x86_64 +iotop-0.6-10.cm2.noarch +ipset-7.15-1.cm2.x86_64 +oniguruma-6.9.7.1-1.cm2.x86_64 +jq-1.6-1.cm2.x86_64 +kernel-devel-5.15.125.1-2.cm2.x86_64 +libtirpc-1.3.3-1.cm2.x86_64 +lsof-4.94.0-1.cm2.x86_64 +libpcap-1.10.1-1.cm2.x86_64 +nmap-ncat-7.93-1.cm2.x86_64 +rpcbind-1.2.5-5.cm2.x86_64 +libnfsidmap-2.5.4-2.cm2.x86_64 
+libevent-2.1.12-1.cm2.x86_64 +nfs-utils-2.5.4-2.cm2.x86_64 +pigz-2.6-2.cm2.x86_64 +psmisc-23.4-1.cm2.x86_64 +socat-1.7.4.3-1.cm2.x86_64 +sysstat-12.7.1-2.cm2.x86_64 +traceroute-2.1.0-6.cm2.x86_64 +zip-3.0-5.cm2.x86_64 +libapparmor-3.0.4-1.cm2.x86_64 +apparmor-parser-3.0.4-1.cm2.x86_64 +fuse3-libs-3.10.5-2.cm2.x86_64 +fuse-common-3.10.5-2.cm2.x86_64 +fuse3-3.10.5-2.cm2.x86_64 +blobfuse2-2.0.5-1.cm2.x86_64 +libnftnl-1.2.1-1.cm2.x86_64 +jansson-2.14-1.cm2.x86_64 +nftables-1.0.1-1.cm2.x86_64 +moby-runc-1.1.5-2.cm2.x86_64 +moby-containerd-1.6.18-5.cm2.x86_64 +llvm-12.0.1-7.cm2.x86_64 +binutils-devel-2.37-5.cm2.x86_64 +binutils-2.37-5.cm2.x86_64 +compiler-rt-12.0.1-1.cm2.x86_64 +clang-libs-12.0.1-4.cm2.x86_64 +bcc-0.27.0-1.cm2.x86_64 +clang-12.0.1-4.cm2.x86_64 +libbpf-1.0.1-1.cm2.x86_64 +bpftrace-0.16.0-1.cm2.x86_64 +python3-bcc-0.27.0-1.cm2.x86_64 +bcc-tools-0.27.0-1.cm2.x86_64 +bcc-examples-0.27.0-1.cm2.x86_64 +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +devtmpfs 4.0M 0 4.0M 0% /dev +tmpfs 3.3G 0 3.3G 0% /dev/shm +tmpfs 1.4G 588K 1.4G 1% /run +tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup +/dev/sda3 29G 19G 8.7G 69% / +tmpfs 3.3G 4.0K 3.3G 1% /tmp +/dev/sda2 459M 31M 399M 8% /boot +/dev/sda1 64M 2.3M 62M 4% /boot/efi +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 668M 0 668M 0% /run/user/1000 +Using kernel: +Linux version 5.15.125.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Fri Aug 11 02:17:58 UTC 2023 +Install completed successfully on Tue Aug 22 16:48:05 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: True +=== os-release Begin +NAME="Common Base Linux Mariner" +VERSION="2.0.20230811" +ID=mariner +VERSION_ID="2.0" +PRETTY_NAME="CBL-Mariner/Linux" +ANSI_COLOR="1;34" +HOME_URL="https://aka.ms/cbl-mariner" 
+BUG_REPORT_URL="https://aka.ms/cbl-mariner" +SUPPORT_URL="https://aka.ms/cbl-mariner" +=== os-release End diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-image-list.json index 5c4897f9c7e..2ce9819c0b1 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "V2gen2fips", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ 
@@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ 
@@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-trivy-images-table.txt index 030c20a20c7..fe6f0ec0167 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-trivy-report.json index 6e67538b819..9eac466ed07 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest-trivy-report.json @@ -1,11 +1,11 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmgcj97oum56", + "ArtifactName": "pkrvmv6v3ngiaad", "ArtifactType": "filesystem", "Metadata": { "OS": { "Family": "cbl-mariner", - "Name": "2.0.20230805" + "Name": "2.0.20230811" }, "ImageConfig": { "architecture": "", @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmgcj97oum56 (cbl-mariner 2.0.20230805)", + "Target": "pkrvmv6v3ngiaad (cbl-mariner 2.0.20230811)", "Class": "os-pkgs", "Type": "cbl-mariner" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest.txt index 9917e79b162..20950c7413a 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2fips/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:25 UTC 2023 +Starting build on Tue Aug 22 16:25:02 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -129,15 +130,15 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:11 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:11 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:13 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:13 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:16 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:16 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:16 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:28 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:28 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:33 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:33 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:33 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 === Installed Packages Begin filesystem-1.1-15.cm2.x86_64 glibc-2.35-4.cm2.x86_64 
@@ -159,8 +160,8 @@ bash-5.1.8-3.cm2.x86_64 libsepol-3.2-2.cm2.x86_64 xz-5.2.5-1.cm2.x86_64 kmod-29-1.cm2.x86_64 -kernel-5.15.122.1-2.cm2.x86_64 -mariner-release-2.0-46.cm2.noarch +kernel-5.15.125.1-2.cm2.x86_64 +mariner-release-2.0-48.cm2.noarch shim-15.4-2.cm2.x86_64 grub2-efi-binary-2.06-10.cm2.x86_64 popt-1.18-1.cm2.x86_64 @@ -263,9 +264,9 @@ bind-libs-9.16.33-2.cm2.x86_64 bind-utils-9.16.33-2.cm2.x86_64 chrony-4.1-2.cm2.x86_64 nghttp2-1.46.0-3.cm2.x86_64 -curl-libs-8.0.1-2.cm2.x86_64 +curl-libs-8.2.1-1.cm2.x86_64 tdnf-3.5.2-2.cm2.x86_64 -curl-8.0.1-2.cm2.x86_64 +curl-8.2.1-1.cm2.x86_64 libdb-5.3.28-7.cm2.x86_64 cyrus-sasl-lib-2.1.28-4.cm2.x86_64 openldap-2.4.57-8.cm2.x86_64 @@ -330,7 +331,7 @@ python3-jsonpointer-2.2-1.cm2.noarch python3-jsonpatch-1.32-1.cm2.noarch python3-wcwidth-0.2.5-1.cm2.noarch python3-prettytable-3.2.0-2.cm2.noarch -python3-certifi-2022.12.07-1.cm2.noarch +python3-certifi-2023.05.07-1.cm2.noarch python3-charset-normalizer-2.0.11-2.cm2.noarch python3-urllib3-1.26.9-1.cm2.noarch python3-asn1crypto-1.5.1-1.cm2.noarch @@ -351,11 +352,11 @@ cloud-utils-growpart-0.32-3.cm2.noarch grub2-2.06-10.cm2.x86_64 installkernel-1.0.0-2.cm2.noarch grubby-8.40-45.cm2.x86_64 -hyperv-daemons-license-5.15.122.1-1.cm2.noarch -hypervvssd-5.15.122.1-1.cm2.x86_64 -hypervkvpd-5.15.122.1-1.cm2.x86_64 -hypervfcopyd-5.15.122.1-1.cm2.x86_64 -hyperv-daemons-5.15.122.1-1.cm2.x86_64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +hypervvssd-5.15.125.1-1.cm2.x86_64 +hypervkvpd-5.15.125.1-1.cm2.x86_64 +hypervfcopyd-5.15.125.1-1.cm2.x86_64 +hyperv-daemons-5.15.125.1-1.cm2.x86_64 lzo-2.10-4.cm2.x86_64 squashfs-tools-4.5.1-1.cm2.x86_64 ethtool-5.16-1.cm2.x86_64 @@ -626,7 +627,7 @@ iotop-0.6-10.cm2.noarch ipset-7.15-1.cm2.x86_64 oniguruma-6.9.7.1-1.cm2.x86_64 jq-1.6-1.cm2.x86_64 -kernel-devel-5.15.122.1-2.cm2.x86_64 +kernel-devel-5.15.125.1-2.cm2.x86_64 libtirpc-1.3.3-1.cm2.x86_64 lsof-4.94.0-1.cm2.x86_64 libpcap-1.10.1-1.cm2.x86_64 
@@ -671,18 +672,18 @@ devtmpfs 4.0M 0 4.0M 0% /dev tmpfs 3.3G 0 3.3G 0% /dev/shm tmpfs 1.4G 588K 1.4G 1% /run tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup -/dev/sda3 29G 19G 8.9G 68% / +/dev/sda3 29G 19G 8.7G 69% / tmpfs 3.3G 4.0K 3.3G 1% /tmp /dev/sda2 459M 31M 399M 8% /boot /dev/sda1 64M 2.3M 62M 4% /boot/efi /dev/sdb1 14G 28K 13G 1% /mnt tmpfs 668M 0 668M 0% /run/user/1000 Using kernel: -Linux version 5.15.122.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Sat Aug 5 04:51:06 UTC 2023 -Install completed successfully on Wed Aug 16 17:29:44 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Linux version 5.15.125.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Fri Aug 11 02:17:58 UTC 2023 +Install completed successfully on Tue Aug 22 16:48:05 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: Hyperv generation: V2 Feature flags: None @@ -690,7 +691,7 @@ Container runtime: containerd FIPS enabled: True === os-release Begin NAME="Common Base Linux Mariner" -VERSION="2.0.20230805" +VERSION="2.0.20230811" ID=mariner VERSION_ID="2.0" PRETTY_NAME="CBL-Mariner/Linux" diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0-image-list.json new file mode 100644 index 00000000000..0914cca954c --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0-image-list.json 
@@ -0,0 +1,817 @@ +{ + "sku": "V2katagen2", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + 
"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..fe6f0ec0167 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2003 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator 
(gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0-trivy-report.json new file mode 100644 index 00000000000..4732e49fd10 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0-trivy-report.json 
@@ -0,0 +1,3992 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmr5iwo58qpj", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "cbl-mariner", + "Name": "2.0.20230811" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmr5iwo58qpj (cbl-mariner 2.0.20230811)", + "Class": "os-pkgs", + "Type": "cbl-mariner", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-32250", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.118.1-1.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-32250", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "session race condition remote code execution vulnerability", + "Description": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. 
An attacker can leverage this vulnerability to execute code in the context of the kernel.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-32250", + "https://bugzilla.redhat.com/show_bug.cgi?id=2208849", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32250", + "https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1)", + "https://nvd.nist.gov/vuln/detail/CVE-2023-32250", + "https://ubuntu.com/security/notices/USN-6173-1", + "https://www.cve.org/CVERecord?id=CVE-2023-32250", + "https://www.zerodayinitiative.com/advisories/ZDI-23-698/" + ], + "PublishedDate": "2023-07-10T16:15:00Z", + "LastModifiedDate": "2023-07-17T17:42:00Z" + }, + { + "VulnerabilityID": "CVE-2023-32254", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.118.1-1.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-32254", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "tree connection race condition remote code execution vulnerability", + "Description": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. 
An attacker can leverage this vulnerability to execute code in the context of the kernel.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-362" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-32254", + "https://bugzilla.redhat.com/show_bug.cgi?id=2191658", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32254", + "https://git.kernel.org/linus/30210947a343b6b3ca13adc9bfc88e1543e16dd5 (6.4-rc1)", + "https://nvd.nist.gov/vuln/detail/CVE-2023-32254", + "https://ubuntu.com/security/notices/USN-6173-1", + "https://ubuntu.com/security/notices/USN-6283-1", + "https://www.cve.org/CVERecord?id=CVE-2023-32254", + "https://www.zerodayinitiative.com/advisories/ZDI-23-702/", + "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20592/" + ], + "PublishedDate": "2023-07-10T16:15:00Z", + "LastModifiedDate": "2023-07-17T17:55:00Z" + }, + { + "VulnerabilityID": "CVE-2023-38426", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-38426", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an ...", + "Description": "An issue was discovered in the Linux kernel before 6.3.4. 
ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38426", + "https://git.kernel.org/linus/02f76c401d17e409ed45bf7887148fcc22c93c85 (6.4-rc3)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=02f76c401d17e409ed45bf7887148fcc22c93c85", + "https://nvd.nist.gov/vuln/detail/CVE-2023-38426" + ], + "PublishedDate": "2023-07-18T00:15:00Z", + "LastModifiedDate": "2023-07-27T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2023-38427", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-38427", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "An issue was discovered in the Linux kernel before 6.3.8. fs/smb/serve ...", + "Description": "An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125", + "CWE-191" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38427", + "https://git.kernel.org/linus/f1a411873c85b642f13b01f21b534c2bab81fc1b (6.4-rc6)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=f1a411873c85b642f13b01f21b534c2bab81fc1b", + "https://nvd.nist.gov/vuln/detail/CVE-2023-38427" + ], + "PublishedDate": "2023-07-18T00:15:00Z", + "LastModifiedDate": "2023-07-27T16:09:00Z" + }, + { + "VulnerabilityID": "CVE-2023-38428", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-38428", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb ...", + "Description": "An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38428", + "https://git.kernel.org/linus/f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f (6.4-rc3)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f", + "https://nvd.nist.gov/vuln/detail/CVE-2023-38428" + ], + "PublishedDate": "2023-07-18T00:15:00Z", + "LastModifiedDate": "2023-07-27T16:09:00Z" + }, + { + "VulnerabilityID": "CVE-2023-38429", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-38429", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/con ...", + "Description": "An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38429", + "https://git.kernel.org/linus/443d61d1fa9faa60ef925513d83742902390100f (6.4-rc3)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=443d61d1fa9faa60ef925513d83742902390100f", + "https://nvd.nist.gov/vuln/detail/CVE-2023-38429" + ], + "PublishedDate": "2023-07-18T00:15:00Z", + "LastModifiedDate": "2023-07-27T16:11:00Z" + }, + { + "VulnerabilityID": "CVE-2023-38430", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-38430", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "An issue was discovered in the Linux kernel before 6.3.9. ksmbd does n ...", + "Description": "An issue was discovered in the Linux kernel before 6.3.9. 
ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38430", + "https://git.kernel.org/linus/1c1bcf2d3ea061613119b534f57507c377df20f9 (6.4-rc6)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=1c1bcf2d3ea061613119b534f57507c377df20f9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-38430", + "https://ubuntu.com/security/notices/USN-6285-1" + ], + "PublishedDate": "2023-07-18T00:15:00Z", + "LastModifiedDate": "2023-07-27T16:00:00Z" + }, + { + "VulnerabilityID": "CVE-2023-38431", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-38431", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "An issue was discovered in the Linux kernel before 6.3.8. fs/smb/serve ...", + "Description": "An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38431", + "https://git.kernel.org/linus/368ba06881c395f1c9a7ba22203cf8d78b4addc0 (6.4-rc6)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=368ba06881c395f1c9a7ba22203cf8d78b4addc0", + "https://nvd.nist.gov/vuln/detail/CVE-2023-38431" + ], + "PublishedDate": "2023-07-18T00:15:00Z", + "LastModifiedDate": "2023-07-27T16:01:00Z" + }, + { + "VulnerabilityID": "CVE-2023-38432", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-38432", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "An issue was discovered in the Linux kernel before 6.3.10. fs/smb/serv ...", + "Description": "An issue was discovered in the Linux kernel before 6.3.10. 
fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.10", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38432", + "https://git.kernel.org/linus/2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d (6.4)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d", + "https://nvd.nist.gov/vuln/detail/CVE-2023-38432", + "https://ubuntu.com/security/notices/USN-6285-1" + ], + "PublishedDate": "2023-07-18T00:15:00Z", + "LastModifiedDate": "2023-07-27T16:02:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45884", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45884", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "use-after-free due to race condition occurring in dvb_register_device()", + "Description": "An issue was discovered in the Linux kernel through 6.0.9. 
drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-362", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-45884", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884", + "https://linux.oracle.com/cve/CVE-2022-45884.html", + "https://linux.oracle.com/errata/ELSA-2023-12207.html", + "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/", + "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/", + "https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45884", + "https://security.netapp.com/advisory/ntap-20230113-0006/", + "https://www.cve.org/CVERecord?id=CVE-2022-45884" + ], + "PublishedDate": "2022-11-25T04:15:00Z", + "LastModifiedDate": "2023-01-20T20:18:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45886", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45886", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "use-after-free due to race condition occurring in dvb_net.c", + "Description": "An issue was discovered in the Linux kernel through 6.0.9. 
drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-362", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-45886", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886", + "https://linux.oracle.com/cve/CVE-2022-45886.html", + "https://linux.oracle.com/errata/ELSA-2023-12207.html", + "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/", + "https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel@gmail.com/", + "https://lore.kernel.org/linux-media/20221117045925.14297-3-imv4bel@gmail.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45886", + "https://security.netapp.com/advisory/ntap-20230113-0006/", + "https://www.cve.org/CVERecord?id=CVE-2022-45886" + ], + "PublishedDate": "2022-11-25T04:15:00Z", + "LastModifiedDate": "2023-01-20T20:19:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45919", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45919", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "use-after-free due to race condition occurring in dvb_ca_en50221.c", + "Description": "An issue was discovered in the Linux kernel through 6.0.10. 
In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-45919", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919", + "https://linux.oracle.com/cve/CVE-2022-45919.html", + "https://linux.oracle.com/errata/ELSA-2023-12207.html", + "https://lore.kernel.org/linux-media/20221121063308.GA33821@ubuntu/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45919", + "https://security.netapp.com/advisory/ntap-20230113-0008/", + "https://www.cve.org/CVERecord?id=CVE-2022-45919" + ], + "PublishedDate": "2022-11-27T02:15:00Z", + "LastModifiedDate": "2023-02-01T15:07:00Z" + }, + { + "VulnerabilityID": "CVE-2022-48502", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48502", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "ntfs3 subsystem does not properly check for correctness during disk reads", + "Description": "An issue was discovered in the Linux kernel before 6.2. 
The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-48502", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48502", + "https://git.kernel.org/linus/0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b (6.2-rc1)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b", + "https://nvd.nist.gov/vuln/detail/CVE-2022-48502", + "https://security.netapp.com/advisory/ntap-20230703-0004/", + "https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://ubuntu.com/security/notices/USN-6300-1", + "https://www.cve.org/CVERecord?id=CVE-2022-48502" + ], + "PublishedDate": "2023-05-31T20:15:00Z", + "LastModifiedDate": "2023-07-03T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-2124", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2124", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "OOB access in the Linux kernel's XFS subsystem", + "Description": "An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). 
This flaw allows a local user to crash or potentially escalate their privileges on the system.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3723", + "https://access.redhat.com/security/cve/CVE-2023-2124", + "https://bugzilla.redhat.com/2179000", + "https://bugzilla.redhat.com/2187308", + "https://bugzilla.redhat.com/2187439", + "https://bugzilla.redhat.com/2188396", + "https://bugzilla.redhat.com/2192589", + "https://bugzilla.redhat.com/2196105", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2124", + "https://errata.almalinux.org/9/ALSA-2023-3723.html", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1\u0026id=22ed903eee23a5b174e240f1cdfa9acf393a5210", + "https://linux.oracle.com/cve/CVE-2023-2124.html", + "https://linux.oracle.com/errata/ELSA-2023-4517.html", + "https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2124", + "https://security.netapp.com/advisory/ntap-20230622-0010/", + "https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6224-1", + "https://ubuntu.com/security/notices/USN-6228-1", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6284-1", + "https://ubuntu.com/security/notices/USN-6300-1", + "https://ubuntu.com/security/notices/USN-6301-1", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2124", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/04/19/2" + ], + "PublishedDate": "2023-05-15T22:15:00Z", + "LastModifiedDate": "2023-08-19T18:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-22995", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.116.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-22995", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "kernel: missing platform_device_put() and kfree() calls in an error path in dwc3_qcom_acpi_register_core() in drivers/usb/dwc3/dwc3-qcom.c", + "Description": "In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.", + "Severity": "HIGH", + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-22995", + "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22995", + "https://git.kernel.org/linus/fa0ef93868a6062babe1144df2807a8b1d4924d2", + "https://github.com/torvalds/linux/commit/fa0ef93868a6062babe1144df2807a8b1d4924d2", + "https://nvd.nist.gov/vuln/detail/CVE-2023-22995", + "https://security.netapp.com/advisory/ntap-20230331-0004/", + "https://www.cve.org/CVERecord?id=CVE-2023-22995" + ], + "PublishedDate": "2023-02-28T05:15:00Z", + "LastModifiedDate": "2023-03-31T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-23003", + "PkgName": "kernel", + 
"InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.118.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-23003", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "kernel: missing check for return value of hashmap__new() in the function expr__ctx_new", + "Description": "In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-252" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-23003", + "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16", + "https://github.com/torvalds/linux/commit/0a515a06c5ebfa46fee3ac519e418f801e718da4", + "https://nvd.nist.gov/vuln/detail/CVE-2023-23003", + "https://security.netapp.com/advisory/ntap-20230331-0003/", + "https://www.cve.org/CVERecord?id=CVE-2023-23003" + ], + "PublishedDate": "2023-03-01T20:15:00Z", + "LastModifiedDate": "2023-03-31T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-2598", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.116.1-1.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2598", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "io_uring out-of-bounds access to physical memory", + "Description": "A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to 
physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2598", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2598", + "https://security.netapp.com/advisory/ntap-20230703-0006/", + "https://www.cve.org/CVERecord?id=CVE-2023-2598", + "https://www.openwall.com/lists/oss-security/2023/05/08/3" + ], + "PublishedDate": "2023-06-01T01:15:00Z", + "LastModifiedDate": "2023-07-03T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-28464", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28464", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "double free in hci_conn_cleanup of the bluetooth subsystem", + "Description": "hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. 
There is a double free that may lead to privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28464", + "https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28464", + "https://security.netapp.com/advisory/ntap-20230517-0004/", + "https://www.cve.org/CVERecord?id=CVE-2023-28464", + "https://www.openwall.com/lists/oss-security/2023/03/28/2", + "https://www.openwall.com/lists/oss-security/2023/03/28/3" + ], + "PublishedDate": "2023-03-31T16:15:00Z", + "LastModifiedDate": "2023-08-11T23:28:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.118.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3111", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.116.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3111", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "Use after free in prepare_to_relocate in fs/btrfs/relocation.c", + "Description": "A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3111", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3111", + "https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6@gmail.com/", + "https://security.netapp.com/advisory/ntap-20230703-0007/", + "https://ubuntu.com/security/notices/USN-6221-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6284-1", + "https://ubuntu.com/security/notices/USN-6301-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3111", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-05T21:15:00Z", + 
"LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3141", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.116.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3141", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "Use after free bug in r592_remove", + "Description": "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3141", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3141", + "https://git.kernel.org/linus/63264422785021704c39b38f65a78ab9e4a186d7 (6.4-rc1)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7", + "https://linux.oracle.com/cve/CVE-2023-3141.html", + "https://linux.oracle.com/errata/ELSA-2023-12688.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3141", + "https://security.netapp.com/advisory/ntap-20230706-0004/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6252-1", + 
"https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6284-1", + "https://ubuntu.com/security/notices/USN-6300-1", + "https://ubuntu.com/security/notices/USN-6301-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3141" + ], + "PublishedDate": "2023-06-09T20:15:00Z", + "LastModifiedDate": "2023-07-27T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3268", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3268", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "out-of-bounds access in relay_file_read", + "Description": "An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. 
This flaw could allow a local attacker to crash the system or leak kernel internal information.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3268", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3268", + "https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ec16f1450f4936025a9bdf1a273affdb9732c1", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc@wangsu.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3268", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6300-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3268", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-16T19:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3269", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3269", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "distros-[DirtyVMA] Privilege escalation via non-RCU-protected VMA traversal", + "Description": "A vulnerability exists in the 
memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jul/43", + "http://www.openwall.com/lists/oss-security/2023/07/28/1", + "https://access.redhat.com/security/cve/CVE-2023-3269", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215268", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3269", + "https://github.com/lrh2000/StackRot", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3269", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3269", + "https://www.openwall.com/lists/oss-security/2023/07/05/1" + ], + "PublishedDate": "2023-07-11T12:15:00Z", + "LastModifiedDate": "2023-07-29T08:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3312", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.118.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3312", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "double free in IO unmap and resource release on exit in drivers/cpufreq/qcom-cpufreq-hw.c", + "Description": "A vulnerability was found in 
drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3312", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3312", + "https://git.kernel.org/linus/ba5e770c9698782bc203bbf5cf3b36a77720bdbe (6.4-rc1)", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3312", + "https://patchwork.kernel.org/project/linux-pm/patch/20230323174026.950622-1-krzysztof.kozlowski@linaro.org/", + "https://security.netapp.com/advisory/ntap-20230731-0005/", + "https://ubuntu.com/security/notices/USN-6283-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3312" + ], + "PublishedDate": "2023-06-19T18:15:00Z", + "LastModifiedDate": "2023-07-31T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3317", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3317", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "use-after-free in wifi mt7921 fw features query", + "Description": "A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. 
This vulnerability could even lead to a kernel information leak problem.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3317", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3317", + "https://git.kernel.org/linus/2ceb76f734e37833824b7fab6af17c999eb48d2b (6.3-rc6)", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3317", + "https://patchwork.kernel.org/project/linux-wireless/patch/51fd8f76494348aa9ecbf0abc471ebe47a983dfd.1679502607.git.lorenzo@kernel.org/", + "https://ubuntu.com/security/notices/USN-6283-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3317" + ], + "PublishedDate": "2023-06-23T18:15:00Z", + "LastModifiedDate": "2023-07-20T18:02:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + 
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": 
"https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + 
"https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.116.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. 
This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6212-1", + "https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35823", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.118.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35823", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "race condition leading to use-after-free in saa7134_finidev()", + "Description": "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-362", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-35823", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35823", + "https://git.kernel.org/linus/30cf57da176cca80f11df0d9b7f71581fe601389 (6.4-rc1)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30cf57da176cca80f11df0d9b7f71581fe601389", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947@xs4all.nl/", + "https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz@163.com/t/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35823", + 
"https://security.netapp.com/advisory/ntap-20230803-0002/", + "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6300-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35823" + ], + "PublishedDate": "2023-06-18T22:15:00Z", + "LastModifiedDate": "2023-08-03T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35824", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.118.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35824", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "race condition leading to use-after-free in dm1105_remove.c()", + "Description": "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-362", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-35824", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35824", + "https://git.kernel.org/linus/5abda7a16698d4d1f47af1168d8fa2c640116b4a (6.4-rc1)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5abda7a16698d4d1f47af1168d8fa2c640116b4a", + "https://linux.oracle.com/cve/CVE-2023-35824.html", + "https://linux.oracle.com/errata/ELSA-2023-12688.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947@xs4all.nl/", + 
"https://lore.kernel.org/lkml/20230318081506.795147-1-zyytlz.wz@163.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35824", + "https://security.netapp.com/advisory/ntap-20230803-0002/", + "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6300-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35824" + ], + "PublishedDate": "2023-06-18T22:15:00Z", + "LastModifiedDate": "2023-08-03T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35826", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35826", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "race condition leading to use-after-free in cedrus_remove()", + "Description": "An issue was discovered in the Linux kernel before 6.3.2. 
A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-362", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-35826", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35826", + "https://git.kernel.org/linus/50d0a7aea4809cef87979d4669911276aa23b71f (6.4-rc1)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50d0a7aea4809cef87979d4669911276aa23b71f", + "https://lore.kernel.org/all/a4dafa22-3ee3-dbe1-fd50-fee07883ce1a@xs4all.nl/", + "https://lore.kernel.org/linux-arm-kernel/20230308032333.1893394-1-zyytlz.wz@163.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35826", + "https://security.netapp.com/advisory/ntap-20230803-0002/", + "https://ubuntu.com/security/notices/USN-6283-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35826" + ], + "PublishedDate": "2023-06-18T22:15:00Z", + "LastModifiedDate": "2023-08-03T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35828", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35828", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "race condition leading to use-after-free in renesas_usb3_remove()", + "Description": "An issue was discovered in the Linux kernel before 6.3.2. 
A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-362", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-35828", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35828", + "https://git.kernel.org/linus/2b947f8769be8b8181dc795fd292d3e7120f5204 (6.4-rc1)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b947f8769be8b8181dc795fd292d3e7120f5204", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://lore.kernel.org/all/20230327121700.52d881e0@canb.auug.org.au/", + "https://lore.kernel.org/lkml/CAJedcCwkuznS1kSTvJXhzPoavcZDWNhNMshi-Ux0spSVRwU=RA@mail.gmail.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35828", + "https://security.netapp.com/advisory/ntap-20230803-0002/", + "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6300-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35828" + ], + "PublishedDate": "2023-06-18T22:15:00Z", + "LastModifiedDate": "2023-08-03T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35829", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.118.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35829", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "race condition leading to use-after-free in rkvdec_remove()", + "Description": "An issue was discovered in the Linux kernel before 6.3.2. 
A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-362", + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-35829", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35829", + "https://git.kernel.org/linus/3228cec23b8b29215e18090c6ba635840190993d (6.4-rc1)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3228cec23b8b29215e18090c6ba635840190993d", + "https://lore.kernel.org/all/a4dafa22-3ee3-dbe1-fd50-fee07883ce1a@xs4all.nl/", + "https://lore.kernel.org/lkml/20230307173900.1299387-1-zyytlz.wz@163.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35829", + "https://security.netapp.com/advisory/ntap-20230803-0002/", + "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6300-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35829" + ], + "PublishedDate": "2023-06-18T22:15:00Z", + "LastModifiedDate": "2023-08-03T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3609", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3609", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "cls_u32 component reference counter leak if tcf_change_indev() fails", + "Description": "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, 
u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3609", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3609", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc", + "https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3609", + "https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html", + "https://security.netapp.com/advisory/ntap-20230818-0005/", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3609", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-07-21T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3610", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3610", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE", + "Description": "A use-after-free vulnerability in the Linux kernel's netfilter: 
nf_tables component can be exploited to achieve local privilege escalation.\n\nFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.\n\nWe recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3610", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3610", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4bedf9eee016286c835e3d8fa981ddece5338795", + "https://kernel.dance/4bedf9eee016286c835e3d8fa981ddece5338795", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3610", + "https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html", + "https://security.netapp.com/advisory/ntap-20230818-0005/", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3610", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-07-21T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3611", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3611", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead", + "Description": "An 
out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\n\nWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3611", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3611", + "https://git.kernel.org/linus/3e337087c3b5805fe0b8a46ba622a962880b5d64 (6.5-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64", + "https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3611", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3611", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-07-21T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:17:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3776", + "PkgName": "kernel", + "InstalledVersion": "5.15.112.1-2.cm2", + "FixedVersion": "5.15.122.1-2.cm2", + "Layer": {}, + "SeveritySource": "cbl-mariner", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3776", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, + "Title": "cls_fw component can be exploited as result of failure in tcf_change_indev function", + "Description": "A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited 
to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3776", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3776", + "https://git.kernel.org/linus/0323bce598eea038714f941ce2b22541c46d488f (6.5-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f", + "https://kernel.dance/0323bce598eea038714f941ce2b22541c46d488f", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3776", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3776", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-07-21T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:17:00Z" + } + ] + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API 
request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. 
Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + 
"DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": 
"opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": 
"HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": 
"23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. 
When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0.txt new file mode 100644 index 00000000000..7101f227241 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202308.22.0.txt 
@@ -0,0 +1,727 @@ +Starting build on Tue Aug 22 16:24:46 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.5 + - bpftrace v0.16.0 + - nvidia-driver=-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + 
- mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + 
- mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 
/usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +lrwxrwxrwx 1 root root 21 Jul 21 20:08 /usr/local/bin/kata-runtime -> /usr/bin/kata-runtime +lrwxrwxrwx 1 root root 21 Jul 21 20:08 /usr/local/bin/kata-monitor -> /usr/bin/kata-monitor +lrwxrwxrwx 1 root root 32 Jul 21 20:08 /usr/local/bin/containerd-shim-kata-v2 -> /usr/bin/containerd-shim-kata-v2 +-r-xr--r-- 1 root root 2462 Aug 22 16:24 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:24 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:28 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:28 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:30 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:30 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:33 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:33 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:33 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +=== Installed Packages Begin +libgcc-11.2.0-4.cm2.x86_64 +pcre-libs-8.45-2.cm2.x86_64 +libstdc++-11.2.0-4.cm2.x86_64 +zlib-1.2.13-1.cm2.x86_64 +xz-libs-5.2.5-1.cm2.x86_64 +ncurses-libs-6.4-1.cm2.x86_64 +readline-8.1-1.cm2.x86_64 +bzip2-libs-1.0.8-1.cm2.x86_64 +pcre-8.45-2.cm2.x86_64 +libselinux-3.2-1.cm2.x86_64 +coreutils-8.32-6.cm2.x86_64 +grep-3.7-2.cm2.x86_64 +libsepol-3.2-2.cm2.x86_64 +xz-5.2.5-1.cm2.x86_64 +kmod-29-1.cm2.x86_64 +kernel-5.15.112.1-2.cm2.x86_64 +shim-15.4-2.cm2.x86_64 +grub2-efi-binary-2.06-10.cm2.x86_64 +popt-1.18-1.cm2.x86_64 
+slang-2.3.2-4.cm2.x86_64 +newt-0.52.21-4.cm2.x86_64 +chkconfig-1.20-3.cm2.x86_64 +ca-certificates-shared-2.0.0-13.cm2.noarch +libffi-3.4.2-2.cm2.x86_64 +p11-kit-0.24.1-1.cm2.x86_64 +libtasn1-4.19.0-1.cm2.x86_64 +p11-kit-trust-0.24.1-1.cm2.x86_64 +ca-certificates-tools-2.0.0-13.cm2.noarch +ca-certificates-2.0.0-13.cm2.noarch +util-linux-libs-2.37.4-6.cm2.x86_64 +libgpg-error-1.46-1.cm2.x86_64 +openssl-libs-1.1.1k-24.cm2.x86_64 +libgcrypt-1.9.4-1.cm2.x86_64 +glib-2.71.0-1.cm2.x86_64 +lz4-1.9.3-1.cm2.x86_64 +libcap-ng-0.8.2-2.cm2.x86_64 +audit-libs-3.0.6-7.cm2.x86_64 +json-c-0.15-1.cm2.x86_64 +cracklib-2.9.7-5.cm2.x86_64 +cracklib-dicts-2.9.7-5.cm2.x86_64 +pam-1.5.1-5.cm2.x86_64 +cryptsetup-libs-2.4.3-3.cm2.x86_64 +device-mapper-libs-2.03.15-2.cm2.x86_64 +cronie-1.5.7-2.cm2.x86_64 +cronie-anacron-1.5.7-2.cm2.x86_64 +logrotate-3.20.1-1.cm2.x86_64 +openssl-1.1.1k-24.cm2.x86_64 +expat-libs-2.5.0-1.cm2.x86_64 +sqlite-libs-3.39.2-2.cm2.x86_64 +zstd-libs-1.5.0-1.cm2.x86_64 +elfutils-libelf-0.186-1.cm2.x86_64 +e2fsprogs-libs-1.46.5-3.cm2.x86_64 +krb5-1.19.4-1.cm2.x86_64 +libassuan-2.5.5-2.cm2.x86_64 +expat-2.5.0-1.cm2.x86_64 +libssh2-1.9.0-2.cm2.x86_64 +iana-etc-20211115-2.cm2.noarch +libpwquality-1.4.4-1.cm2.x86_64 +file-libs-5.40-2.cm2.x86_64 +device-mapper-2.03.15-2.cm2.x86_64 +device-mapper-event-libs-2.03.15-2.cm2.x86_64 +ncurses-6.4-1.cm2.x86_64 +lmdb-libs-0.9.29-1.cm2.x86_64 +lua-libs-5.4.4-1.cm2.x86_64 +libedit-3.1.20210910-1.cm2.x86_64 +procps-ng-3.3.17-1.cm2.x86_64 +device-mapper-event-2.03.15-2.cm2.x86_64 +util-linux-2.37.4-6.cm2.x86_64 +file-5.40-2.cm2.x86_64 +cryptsetup-2.4.3-3.cm2.x86_64 +pinentry-1.2.0-1.cm2.x86_64 +e2fsprogs-1.46.5-3.cm2.x86_64 +libarchive-3.6.1-2.cm2.x86_64 +libmetalink-0.1.3-1.cm2.x86_64 +bc-1.07.1-4.cm2.x86_64 +bridge-utils-1.7.1-1.cm2.x86_64 +cpio-2.13-4.cm2.x86_64 +gdbm-1.21-1.cm2.x86_64 +iputils-20211215-1.cm2.x86_64 +irqbalance-1.8.0-2.cm2.x86_64 +libtool-2.4.6-8.cm2.x86_64 +net-tools-2.10-2.cm2.x86_64 +tar-1.34-1.cm2.x86_64 
+tzdata-2023c-1.cm2.noarch +which-2.21-8.cm2.x86_64 +libseccomp-2.5.3-1.cm2.x86_64 +nettle-3.7.3-2.cm2.x86_64 +bzip2-1.0.8-1.cm2.x86_64 +ca-certificates-base-2.0.0-13.cm2.noarch +findutils-4.8.0-4.cm2.x86_64 +gzip-1.12-1.cm2.x86_64 +sed-4.8-2.cm2.x86_64 +libmnl-1.0.4-6.cm2.x86_64 +iproute-5.15.0-2.cm2.x86_64 +libaio-0.3.112-4.cm2.x86_64 +lvm2-2.03.15-2.cm2.x86_64 +pkgconf-m4-1.8.0-3.cm2.noarch +libsemanage-3.2-2.cm2.x86_64 +shadow-utils-4.9-12.cm2.x86_64 +libpkgconf-1.8.0-3.cm2.x86_64 +pkgconf-1.8.0-3.cm2.x86_64 +pkgconf-pkg-config-1.8.0-3.cm2.x86_64 +libuv-1.43.0-1.cm2.x86_64 +chrony-4.1-2.cm2.x86_64 +libdb-5.3.28-7.cm2.x86_64 +cyrus-sasl-lib-2.1.28-4.cm2.x86_64 +openldap-2.4.57-8.cm2.x86_64 +sudo-1.9.13p3-2.cm2.x86_64 +libksba-1.6.3-1.cm2.x86_64 +npth-1.6-4.cm2.x86_64 +gnupg2-2.4.0-2.cm2.x86_64 +gpgme-1.16.0-1.cm2.x86_64 +mariner-repos-shared-2.0-8.cm2.noarch +mariner-repos-microsoft-2.0-8.cm2.noarch +mariner-repos-extras-2.0-8.cm2.noarch +mariner-repos-2.0-8.cm2.noarch +mshv-bootloader-lx-25357.1.230428-1528.1.cm2.x86_64 +hvloader-1.0.1-1.cm2.x86_64 +mshv-bootloader-25357.1.230428-1528.1.cm2.x86_64 +mshv-linuxloader-0.5.0-2.3.cm2.x86_64 +kernel-mshv-5.15.110.mshv2-3.cm2.x86_64 +libnl3-3.5.0-3.cm2.x86_64 +gc-8.0.0-4.cm2.x86_64 +libnuma-2.0.14-1.cm2.x86_64 +numactl-2.0.14-1.cm2.x86_64 +python3-3.9.14-6.cm2.x86_64 +python3-libs-3.9.14-6.cm2.x86_64 +dtc-1.6.1-1.cm2.x86_64 +dracut-055-5.cm2.x86_64 +daxctl-65-3.cm2.x86_64 +fuse3-libs-3.10.5-2.cm2.x86_64 +libbpf-1.0.1-1.cm2.x86_64 +libjpeg-turbo-2.1.4-1.cm2.x86_64 +libpmem-1.8-4.cm2.x86_64 +libpng-1.6.37-6.cm2.x86_64 +libslirp-4.6.1-3.cm2.x86_64 +liburing-2.0-3.cm2.x86_64 +lzo-2.10-4.cm2.x86_64 +pixman-0.42.2-1.cm2.x86_64 +seabios-bin-1.14.0-7.cm2.noarch +seavgabios-bin-1.14.0-7.cm2.noarch +sgabios-bin-0.20180715git-8.cm2.noarch +snappy-1.1.9-2.cm2.x86_64 +autogen-libopts-5.18.16-8.cm2.x86_64 +ipxe-1.21.1-1.cm2.x86_64 +libltdl-2.4.6-8.cm2.x86_64 +libunistring-0.9.10-5.cm2.x86_64 +guile-2.0.14-4.cm2.x86_64 
+gnutls-3.7.7-2.cm2.x86_64 +pciutils-libs-3.7.0-3.cm2.x86_64 +pciutils-3.7.0-3.cm2.x86_64 +rdma-core-39.0-1.cm2.x86_64 +libibverbs-39.0-1.cm2.x86_64 +librdmacm-39.0-1.cm2.x86_64 +cloud-hypervisor-31.1-1.cm2.x86_64 +zchunk-libs-1.1.16-2.cm2.x86_64 +zchunk-1.1.16-2.cm2.x86_64 +dnf-data-4.8.0-2.cm2.noarch +python3-curses-3.9.14-6.cm2.x86_64 +python3-gpg-1.16.0-1.cm2.x86_64 +libcomps-0.1.18-1.cm2.x86_64 +python3-libcomps-0.1.18-1.cm2.x86_64 +elfutils-default-yama-scope-0.186-1.cm2.noarch +libgomp-11.2.0-4.cm2.x86_64 +popt-devel-1.18-1.cm2.x86_64 +libyaml-0.2.5-3.cm2.x86_64 +libmodulemd-2.13.0-2.cm2.x86_64 +libdnf-0.63.1-1.cm2.x86_64 +python3-libdnf-0.63.1-1.cm2.x86_64 +python3-hawkey-0.63.1-1.cm2.x86_64 +elfutils-libelf-devel-0.186-1.cm2.x86_64 +xz-devel-5.2.5-1.cm2.x86_64 +zlib-devel-1.2.13-1.cm2.x86_64 +zstd-1.5.0-1.cm2.x86_64 +zstd-devel-1.5.0-1.cm2.x86_64 +elfutils-0.186-1.cm2.x86_64 +elfutils-devel-0.186-1.cm2.x86_64 +python3-dnf-4.8.0-2.cm2.noarch +dnf-4.8.0-2.cm2.noarch +wget-1.21.2-1.cm2.x86_64 +python3-six-1.16.0-2.cm2.noarch +python3-markupsafe-2.1.0-1.cm2.x86_64 +python3-idna-3.3-1.cm2.noarch +python3-jinja2-3.0.3-2.cm2.noarch +python3-configobj-5.0.6-7.cm2.noarch +PyYAML-3.13-8.cm2.x86_64 +python3-jsonschema-2.6.0-6.cm2.noarch +python3-netifaces-0.11.0-1.cm2.x86_64 +python3-oauthlib-2.1.0-7.cm2.noarch +python3-setuptools-3.9.14-6.cm2.noarch +python3-jsonpointer-2.2-1.cm2.noarch +python3-jsonpatch-1.32-1.cm2.noarch +python3-wcwidth-0.2.5-1.cm2.noarch +python3-prettytable-3.2.0-2.cm2.noarch +python3-charset-normalizer-2.0.11-2.cm2.noarch +python3-urllib3-1.26.9-1.cm2.noarch +python3-asn1crypto-1.5.1-1.cm2.noarch +python3-pyasn1-0.4.8-1.cm2.noarch +python3-pycparser-2.21-1.cm2.noarch +python3-cffi-1.15.0-2.cm2.x86_64 +python3-pyparsing-3.0.7-1.cm2.noarch +python3-packaging-21.3-1.cm2.noarch +python3-cryptography-3.3.2-4.cm2.x86_64 +python3-pyOpenSSL-18.0.0-8.cm2.noarch +gptfdisk-1.0.8-1.cm2.x86_64 +mpfr-4.1.0-1.cm2.x86_64 +gawk-5.1.0-2.cm2.x86_64 
+cloud-utils-growpart-0.32-3.cm2.noarch +wpa_supplicant-2.10-1.cm2.x86_64 +netplan-0.95-1.cm2.x86_64 +ncurses-term-6.4-1.cm2.x86_64 +libestr-0.1.11-1.cm2.x86_64 +libfastjson-0.99.9-1.cm2.x86_64 +libmpc-1.2.1-1.cm2.x86_64 +libstdc++-devel-11.2.0-4.cm2.x86_64 +liblognorm-2.0.6-2.cm2.x86_64 +librelp-1.10.0-1.cm2.x86_64 +cyrus-sasl-2.1.28-4.cm2.x86_64 +librdkafka1-1.8.2-1.cm2.x86_64 +make-4.3-2.cm2.x86_64 +libgcc-atomic-11.2.0-4.cm2.x86_64 +libgcc-devel-11.2.0-4.cm2.x86_64 +libgomp-devel-11.2.0-4.cm2.x86_64 +gcc-c++-11.2.0-4.cm2.x86_64 +gcc-11.2.0-4.cm2.x86_64 +perl-vmsish-1.04-488.cm2.noarch +perl-version-0.99.28-488.cm2.noarch +perl-subs-1.04-488.cm2.noarch +perl-ph-5.34.1-488.cm2.x86_64 +perl-perlfaq-5.20210411-488.cm2.noarch +perl-parent-0.238-488.cm2.noarch +perl-mro-1.25-488.cm2.x86_64 +perl-meta-notation-5.34.1-488.cm2.noarch +perl-less-0.03-488.cm2.noarch +perl-if-0.60.900-488.cm2.noarch +perl-filetest-1.03-488.cm2.noarch +perl-ExtUtils-MM-Utils-7.44-488.cm2.noarch +perl-Devel-PPPort-3.62-488.cm2.x86_64 +perl-vars-1.05-488.cm2.noarch +perl-sort-2.04-488.cm2.noarch +perl-overloading-0.02-488.cm2.noarch +perl-lib-0.65-488.cm2.x86_64 +perl-experimental-0.024-488.cm2.noarch +perl-encoding-warnings-0.13-488.cm2.noarch +perl-deprecate-0.04-488.cm2.noarch +perl-constant-1.33-488.cm2.noarch +perl-base-2.27-488.cm2.noarch +perl-autouse-1.11-488.cm2.noarch +perl-Tie-Memoize-1.1-488.cm2.noarch +perl-Env-1.05-488.cm2.noarch +perl-Tie-4.6-488.cm2.noarch +perl-Term-ReadLine-1.17-488.cm2.noarch +perl-Term-Cap-1.17-488.cm2.noarch +perl-Module-Loaded-0.08-488.cm2.noarch +perl-CPAN-Meta-Requirements-2.140-488.cm2.noarch +perl-AutoLoader-5.74-488.cm2.noarch +perl-Attribute-Handlers-1.01-488.cm2.noarch +perl-Unicode-Normalize-1.28-488.cm2.x86_64 +perl-Time-Local-1.300-488.cm2.noarch +perl-Time-HiRes-1.9767-488.cm2.x86_64 +perl-Text-Tabs+Wrap-2013.0523-488.cm2.noarch +perl-File-DosGlob-1.12-488.cm2.x86_64 +perl-Text-ParseWords-3.30-488.cm2.noarch 
+perl-Text-Abbrev-1.02-488.cm2.noarch +perl-Term-Complete-1.403-488.cm2.noarch +perl-Term-ANSIColor-5.01-488.cm2.noarch +perl-sigtrap-1.09-488.cm2.noarch +perl-SelectSaver-1.02-488.cm2.noarch +perl-DirHandle-1.05-488.cm2.noarch +perl-Symbol-1.09-488.cm2.noarch +perl-Socket-2.031-488.cm2.x86_64 +perl-Search-Dict-1.07-488.cm2.noarch +perl-threads-shared-1.62-488.cm2.x86_64 +perl-Thread-3.05-488.cm2.noarch +perl-threads-2.26-488.cm2.x86_64 +perl-Text-Balanced-2.04-488.cm2.noarch +perl-NEXT-0.68-488.cm2.noarch +perl-overload-1.33-488.cm2.noarch +perl-Time-Piece-1.3401-488.cm2.x86_64 +perl-Tie-RefHash-1.40-488.cm2.noarch +perl-Thread-Semaphore-2.13-488.cm2.noarch +perl-Thread-Queue-3.14-488.cm2.noarch +perl-Module-CoreList-5.20220313-488.cm2.noarch +perl-Scalar-List-Utils-1.55-488.cm2.x86_64 +perl-Pod-Functions-1.13-488.cm2.noarch +perl-Pod-Escapes-1.07-488.cm2.noarch +perl-Perl-OSType-1.010-488.cm2.noarch +perl-Opcode-1.50-488.cm2.x86_64 +perl-Math-Complex-1.59-488.cm2.noarch +perl-bignum-0.51-488.cm2.noarch +perl-Math-BigRat-0.2614-488.cm2.noarch +perl-Math-BigInt-FastCalc-0.500.900-488.cm2.x86_64 +perl-Math-BigInt-1.9998.18-488.cm2.noarch +perl-PerlIO-via-QuotedPrint-0.09-488.cm2.noarch +perl-MIME-Base64-3.16-488.cm2.x86_64 +perl-I18N-Langinfo-0.19-488.cm2.x86_64 +perl-Params-Check-0.38-488.cm2.noarch +perl-Locale-Maketext-Simple-0.21-488.cm2.noarch +perl-Locale-Maketext-1.29-488.cm2.noarch +perl-I18N-LangTags-0.45-488.cm2.noarch +perl-Hash-Util-FieldHash-1.21-488.cm2.x86_64 +perl-fields-2.27-488.cm2.noarch +perl-Hash-Util-0.25-488.cm2.x86_64 +perl-Getopt-Std-1.13-488.cm2.noarch +perl-Filter-Simple-0.96-488.cm2.noarch +perl-Filter-1.59-488.cm2.x86_64 +perl-FileCache-1.10-488.cm2.noarch +perl-File-Compare-1.100.600-488.cm2.noarch +perl-File-Basename-2.85-488.cm2.noarch +perl-locale-1.10-488.cm2.noarch +perl-Tie-File-1.06-488.cm2.noarch +perl-Sys-Syslog-0.36-488.cm2.x86_64 +perl-Sys-Hostname-1.23-488.cm2.x86_64 +perl-I18N-Collate-1.02-488.cm2.noarch 
+perl-POSIX-1.97-488.cm2.x86_64 +perl-Fcntl-1.14-488.cm2.x86_64 +perl-Errno-1.33-488.cm2.x86_64 +perl-English-1.11-488.cm2.noarch +perl-Digest-MD5-2.58-488.cm2.x86_64 +perl-Digest-1.19-488.cm2.noarch +perl-Dumpvalue-2.27-488.cm2.noarch +perl-Devel-Peek-1.30-488.cm2.x86_64 +perl-Config-Perl-V-0.33-488.cm2.noarch +perl-Config-Extensions-0.03-488.cm2.noarch +perl-Compress-Raw-Zlib-2.101-488.cm2.x86_64 +perl-User-pwent-1.03-488.cm2.noarch +perl-Time-1.03-488.cm2.noarch +perl-Net-1.02-488.cm2.noarch +perl-File-stat-1.09-488.cm2.noarch +perl-Class-Struct-0.66-488.cm2.noarch +perl-Benchmark-1.23-488.cm2.noarch +perl-autodie-2.34-488.cm2.noarch +perl-Safe-2.43-488.cm2.noarch +perl-ExtUtils-Constant-0.25-488.cm2.noarch +perl-Data-Dumper-2.179-488.cm2.x86_64 +perl-CPAN-Meta-YAML-0.018-488.cm2.noarch +perl-B-1.82-488.cm2.x86_64 +perl-blib-1.07-488.cm2.noarch +perl-Unicode-Collate-1.29-488.cm2.x86_64 +perl-Module-Load-0.36-488.cm2.noarch +perl-Unicode-UCD-0.75-488.cm2.noarch +perl-Memoize-1.03-488.cm2.noarch +perl-Storable-3.23-488.cm2.x86_64 +perl-SelfLoader-1.26-488.cm2.noarch +perl-IPC-Open3-1.21-488.cm2.noarch +perl-IO-Socket-IP-0.41-488.cm2.noarch +perl-HTTP-Tiny-0.076-488.cm2.noarch +perl-libnet-3.13-488.cm2.noarch +perl-Net-Ping-2.74-488.cm2.noarch +perl-FileHandle-2.03-488.cm2.noarch +perl-IO-1.46-488.cm2.x86_64 +perl-FindBin-1.52-488.cm2.noarch +perl-debugger-1.60-488.cm2.noarch +perl-Test-Simple-1.302183-488.cm2.noarch +perl-Test-1.31-488.cm2.noarch +perl-Compress-Raw-Bzip2-2.101-488.cm2.x86_64 +perl-File-Temp-0.231.100-488.cm2.noarch +perl-File-Path-2.18-488.cm2.noarch +perl-IPC-Cmd-1.04-488.cm2.noarch +perl-Module-Load-Conditional-0.74-488.cm2.noarch +perl-Module-Metadata-1.000037-488.cm2.noarch +perl-ExtUtils-Command-7.62-488.cm2.noarch +perl-File-Find-1.39-488.cm2.noarch +perl-File-Fetch-1.00-488.cm2.noarch +perl-File-Copy-2.35-488.cm2.noarch +perl-ExtUtils-Manifest-1.73-488.cm2.noarch +perl-Devel-SelfStubber-1.06-488.cm2.noarch 
+perl-AutoSplit-5.74-488.cm2.noarch +perl-open-1.12-488.cm2.noarch +perl-encoding-3.00-488.cm2.x86_64 +perl-utils-5.34.1-488.cm2.noarch +perl-diagnostics-1.37-488.cm2.noarch +perl-Test-Harness-3.43-488.cm2.noarch +perl-podlators-4.14-488.cm2.noarch +perl-Pod-Simple-3.42-488.cm2.noarch +perl-Pod-Html-1.27-488.cm2.noarch +perl-Pod-Checker-1.74-488.cm2.noarch +perl-Module-CoreList-tools-5.20220313-488.cm2.noarch +perl-ExtUtils-ParseXS-3.43-488.cm2.noarch +perl-Digest-SHA-6.02-488.cm2.x86_64 +perl-Getopt-Long-2.52-488.cm2.noarch +perl-Pod-Usage-2.01-488.cm2.noarch +perl-JSON-PP-4.06-488.cm2.noarch +perl-IO-Zlib-1.11-488.cm2.noarch +perl-Archive-Tar-2.38-488.cm2.noarch +perl-IO-Compress-2.102-488.cm2.noarch +perl-DBM_Filter-0.06-488.cm2.noarch +perl-CPAN-Meta-2.150010-488.cm2.noarch +perl-IPC-SysV-2.09-488.cm2.x86_64 +perl-libnetcfg-5.34.1-488.cm2.noarch +perl-ExtUtils-Miniperl-1.10-488.cm2.noarch +perl-ExtUtils-Embed-1.35-488.cm2.noarch +perl-Encode-devel-3.08-488.cm2.noarch +perl-devel-5.34.1-488.cm2.x86_64 +perl-ExtUtils-Install-2.20-488.cm2.noarch +perl-CPAN-2.28-488.cm2.noarch +perl-ExtUtils-MakeMaker-7.62-488.cm2.noarch +perl-ExtUtils-CBuilder-0.280236-488.cm2.noarch +perl-ODBM_File-1.17-488.cm2.x86_64 +perl-NDBM_File-1.15-488.cm2.x86_64 +perl-GDBM_File-1.19-488.cm2.x86_64 +perl-PathTools-3.80-488.cm2.x86_64 +perl-Exporter-5.76-488.cm2.noarch +perl-Pod-Perldoc-3.28.01-488.cm2.noarch +perl-Encode-3.08-488.cm2.x86_64 +perl-DynaLoader-1.50-488.cm2.x86_64 +perl-Carp-1.52-488.cm2.noarch +perl-5.34.1-488.cm2.x86_64 +perl-libs-5.34.1-488.cm2.x86_64 +perl-doc-5.34.1-488.cm2.noarch +perl-macros-5.34.1-488.cm2.noarch +perl-interpreter-5.34.1-488.cm2.x86_64 +net-snmp-libs-5.9.1-2.cm2.x86_64 +rsyslog-8.2204.1-3.cm2.x86_64 +python3-distro-1.6.0-2.cm2.noarch +WALinuxAgent-2.3.1.1-3.cm2.noarch +gpg-pubkey-3135ce90-5e6fda74 +gpg-pubkey-be1229cf-5631588c +inotify-tools-3.22.1.0-1.cm2.x86_64 +filesystem-1.1-15.cm2.x86_64 +glibc-2.35-4.cm2.x86_64 +bash-5.1.8-3.cm2.x86_64 
+libcap-2.60-2.cm2.x86_64 +rpm-libs-4.18.0-3.cm2.x86_64 +openssh-clients-8.9p1-1.cm2.x86_64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +rpm-4.18.0-3.cm2.x86_64 +libxml2-2.10.4-1.cm2.x86_64 +rpm-devel-4.18.0-3.cm2.x86_64 +openssh-server-8.9p1-1.cm2.x86_64 +libsolv-0.7.24-1.cm2.x86_64 +rpm-build-libs-4.18.0-3.cm2.x86_64 +kernel-5.15.125.1-2.cm2.x86_64 +mariner-rpm-macros-2.0-23.cm2.noarch +dhcp-libs-4.4.2-5.cm2.x86_64 +dhcp-client-4.4.2-5.cm2.x86_64 +nghttp2-1.46.0-3.cm2.x86_64 +curl-libs-8.2.1-1.cm2.x86_64 +curl-8.2.1-1.cm2.x86_64 +qemu-virtiofsd-6.2.0-16.cm2.x86_64 +tdnf-cli-libs-3.5.2-2.cm2.x86_64 +tdnf-3.5.2-2.cm2.x86_64 +tdnf-plugin-repogpgcheck-3.5.2-2.cm2.x86_64 +systemd-rpm-macros-250.3-17.cm2.noarch +systemd-250.3-17.cm2.x86_64 +qemu-common-6.2.0-16.cm2.x86_64 +qemu-ipxe-6.2.0-16.cm2.x86_64 +qemu-system-x86-core-6.2.0-16.cm2.x86_64 +qemu-kvm-core-6.2.0-16.cm2.x86_64 +dbus-1.15.2-3.cm2.x86_64 +hypervfcopyd-5.15.125.1-1.cm2.x86_64 +hypervkvpd-5.15.125.1-1.cm2.x86_64 +hypervvssd-5.15.125.1-1.cm2.x86_64 +iptables-1.8.7-3.cm2.x86_64 +python3-certifi-2023.05.07-1.cm2.noarch +python3-requests-2.27.1-6.cm2.noarch +cloud-init-23.2-1.cm2.noarch +mariner-release-2.0-48.cm2.noarch +core-packages-container-2.0-8.cm2.x86_64 +busybox-1.35.0-5.cm2.x86_64 +bind-license-9.16.33-2.cm2.noarch +bind-libs-9.16.33-2.cm2.x86_64 +bind-utils-9.16.33-2.cm2.x86_64 +kata-containers-3.1.0-3.cm2.x86_64 +core-packages-base-image-2.0-8.cm2.x86_64 +cloud-init-azure-kvp-23.2-1.cm2.noarch +hyperv-daemons-5.15.125.1-1.cm2.x86_64 +librepo-1.15.1-1.cm2.x86_64 +python3-rpm-4.18.0-3.cm2.x86_64 +openssh-8.9p1-1.cm2.x86_64 +initramfs-2.0-13.cm2.x86_64 +glibc-iconv-2.35-4.cm2.x86_64 +gmp-6.2.1-3.cm2.x86_64 +postgresql-libs-14.8-1.cm2.x86_64 +kernel-uvm-5.15.110.mshv2-2.cm2.x86_64 +mshv-25357.1.230428-1528.4.cm2.x86_64 +fuse-2.9.7-10.cm2.x86_64 +boost-1.76.0-3.cm2.x86_64 +blobfuse-1.4.5-10.cm2.x86_64 +python3-dbus-1.2.16-3.cm2.x86_64 +python3-dateutil-2.7.3-5.cm2.noarch 
+python3-dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-utils-4.0.24-3.cm2.noarch +check-restart-1.0.0-2.cm2.x86_64 +keyutils-1.6.1-1.cm2.x86_64 +cifs-utils-6.14-2.cm2.x86_64 +libnfnetlink-1.0.1-5.cm2.x86_64 +libnetfilter_conntrack-1.0.8-1.cm2.x86_64 +libnetfilter_queue-1.0.5-1.cm2.x86_64 +libnetfilter_cttimeout-1.0.0-5.cm2.x86_64 +libnetfilter_cthelper-1.0.0-5.cm2.x86_64 +conntrack-tools-1.4.5-7.cm2.x86_64 +dnf-automatic-4.8.0-2.cm2.noarch +ebtables-legacy-2.0.11-6.cm2.x86_64 +ethtool-5.16-1.cm2.x86_64 +apr-1.7.2-1.cm2.x86_64 +apr-util-1.6.3-1.cm2.x86_64 +utf8proc-2.6.1-2.cm2.x86_64 +libserf-1.3.9-8.cm2.x86_64 +subversion-1.14.2-1.cm2.x86_64 +subversion-perl-1.14.2-1.cm2.x86_64 +perl-YAML-1.30-2.cm2.noarch +perl-DBI-1.643-2.cm2.x86_64 +perl-CGI-4.54-3.cm2.noarch +less-590-2.cm2.x86_64 +git-2.33.8-1.cm2.x86_64 +iotop-0.6-10.cm2.noarch +ipset-7.15-1.cm2.x86_64 +oniguruma-6.9.7.1-1.cm2.x86_64 +jq-1.6-1.cm2.x86_64 +kernel-devel-5.15.125.1-2.cm2.x86_64 +libtirpc-1.3.3-1.cm2.x86_64 +lsof-4.94.0-1.cm2.x86_64 +libpcap-1.10.1-1.cm2.x86_64 +nmap-ncat-7.93-1.cm2.x86_64 +rpcbind-1.2.5-5.cm2.x86_64 +libnfsidmap-2.5.4-2.cm2.x86_64 +libevent-2.1.12-1.cm2.x86_64 +nfs-utils-2.5.4-2.cm2.x86_64 +pigz-2.6-2.cm2.x86_64 +psmisc-23.4-1.cm2.x86_64 +socat-1.7.4.3-1.cm2.x86_64 +sysstat-12.7.1-2.cm2.x86_64 +traceroute-2.1.0-6.cm2.x86_64 +zip-3.0-5.cm2.x86_64 +libapparmor-3.0.4-1.cm2.x86_64 +apparmor-parser-3.0.4-1.cm2.x86_64 +fuse-common-3.10.5-2.cm2.x86_64 +fuse3-3.10.5-2.cm2.x86_64 +blobfuse2-2.0.5-1.cm2.x86_64 +libnftnl-1.2.1-1.cm2.x86_64 +jansson-2.14-1.cm2.x86_64 +nftables-1.0.1-1.cm2.x86_64 +moby-runc-1.1.5-2.cm2.x86_64 +moby-containerd-1.6.18-5.cm2.x86_64 +llvm-12.0.1-7.cm2.x86_64 +binutils-devel-2.37-5.cm2.x86_64 +binutils-2.37-5.cm2.x86_64 +compiler-rt-12.0.1-1.cm2.x86_64 +clang-libs-12.0.1-4.cm2.x86_64 +bcc-0.27.0-1.cm2.x86_64 +clang-12.0.1-4.cm2.x86_64 +bpftrace-0.16.0-1.cm2.x86_64 +python3-bcc-0.27.0-1.cm2.x86_64 +bcc-tools-0.27.0-1.cm2.x86_64 
+bcc-examples-0.27.0-1.cm2.x86_64 +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +devtmpfs 4.0M 0 4.0M 0% /dev +tmpfs 7.6G 0 7.6G 0% /dev/shm +tmpfs 3.1G 592K 3.1G 1% /run +tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup +/dev/sda3 29G 20G 8.0G 71% / +tmpfs 7.6G 4.0K 7.6G 1% /tmp +/dev/sda2 474M 77M 369M 18% /boot +/dev/sda1 64M 36M 28M 57% /boot/efi +/dev/sdb1 147G 40K 140G 1% /mnt +tmpfs 1.6G 0 1.6G 0% /run/user/1000 +Using kernel: +Linux version 5.15.110.mshv2-3.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Sun Jun 11 05:43:08 UTC 2023 +Install completed successfully on Tue Aug 22 16:46:54 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: +Hyperv generation: V2 +Feature flags: kata +Container runtime: containerd +FIPS enabled: false +=== os-release Begin +NAME="Common Base Linux Mariner" +VERSION="2.0.20230811" +ID=mariner +VERSION_ID="2.0" +PRETTY_NAME="CBL-Mariner/Linux" +ANSI_COLOR="1;34" +HOME_URL="https://aka.ms/cbl-mariner" +BUG_REPORT_URL="https://aka.ms/cbl-mariner" +SUPPORT_URL="https://aka.ms/cbl-mariner" +=== os-release End diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-image-list.json index af068c65806..0914cca954c 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "V2katagen2", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", 
@@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ 
@@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-trivy-images-table.txt index 030c20a20c7..fe6f0ec0167 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-trivy-report.json index 54441a60ce0..4732e49fd10 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest-trivy-report.json @@ -1,11 +1,11 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmimc6vc2k27", + "ArtifactName": "pkrvmr5iwo58qpj", "ArtifactType": "filesystem", "Metadata": { "OS": { "Family": "cbl-mariner", - "Name": "2.0.20230805" + "Name": "2.0.20230811" }, "ImageConfig": { "architecture": "", @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmimc6vc2k27 (cbl-mariner 2.0.20230805)", + "Target": "pkrvmr5iwo58qpj (cbl-mariner 2.0.20230811)", "Class": "os-pkgs", "Type": "cbl-mariner", "Vulnerabilities": [ 
@@ -530,6 +530,7 @@ "https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72", "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6285-1", + "https://ubuntu.com/security/notices/USN-6300-1", "https://www.cve.org/CVERecord?id=CVE-2022-48502" ], "PublishedDate": "2023-05-31T20:15:00Z", @@ -590,12 +591,15 @@ "https://ubuntu.com/security/notices/USN-6252-1", "https://ubuntu.com/security/notices/USN-6254-1", "https://ubuntu.com/security/notices/USN-6284-1", + "https://ubuntu.com/security/notices/USN-6300-1", + "https://ubuntu.com/security/notices/USN-6301-1", "https://www.cve.org/CVERecord?id=CVE-2023-2124", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/04/19/2" ], "PublishedDate": "2023-05-15T22:15:00Z", - "LastModifiedDate": "2023-07-06T04:15:00Z" + "LastModifiedDate": "2023-08-19T18:15:00Z" }, { "VulnerabilityID": "CVE-2023-22995", @@ -813,10 +817,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3111", 
@@ -857,10 +862,12 @@ "https://ubuntu.com/security/notices/USN-6221-1", "https://ubuntu.com/security/notices/USN-6252-1", "https://ubuntu.com/security/notices/USN-6284-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3111" + "https://ubuntu.com/security/notices/USN-6301-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3111", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-05T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3141", @@ -909,6 +916,8 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6283-1", "https://ubuntu.com/security/notices/USN-6284-1", + "https://ubuntu.com/security/notices/USN-6300-1", + "https://ubuntu.com/security/notices/USN-6301-1", "https://www.cve.org/CVERecord?id=CVE-2023-3141" ], "PublishedDate": "2023-06-09T20:15:00Z", @@ -955,11 +964,13 @@ "https://ubuntu.com/security/notices/USN-6252-1", "https://ubuntu.com/security/notices/USN-6254-1", "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6300-1", "https://www.cve.org/CVERecord?id=CVE-2023-3268", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-16T19:15:00Z", - "LastModifiedDate": "2023-08-08T13:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3269", 
@@ -1137,10 +1148,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1181,6 +1193,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1195,7 +1208,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35788", @@ -1258,11 +1271,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-35823", 
@@ -1306,6 +1320,7 @@ "https://nvd.nist.gov/vuln/detail/CVE-2023-35823", "https://security.netapp.com/advisory/ntap-20230803-0002/", "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6300-1", "https://www.cve.org/CVERecord?id=CVE-2023-35823" ], "PublishedDate": "2023-06-18T22:15:00Z", @@ -1355,6 +1370,7 @@ "https://nvd.nist.gov/vuln/detail/CVE-2023-35824", "https://security.netapp.com/advisory/ntap-20230803-0002/", "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6300-1", "https://www.cve.org/CVERecord?id=CVE-2023-35824" ], "PublishedDate": "2023-06-18T22:15:00Z", @@ -1448,6 +1464,7 @@ "https://nvd.nist.gov/vuln/detail/CVE-2023-35828", "https://security.netapp.com/advisory/ntap-20230803-0002/", "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6300-1", "https://www.cve.org/CVERecord?id=CVE-2023-35828" ], "PublishedDate": "2023-06-18T22:15:00Z", @@ -1494,6 +1511,7 @@ "https://nvd.nist.gov/vuln/detail/CVE-2023-35829", "https://security.netapp.com/advisory/ntap-20230803-0002/", "https://ubuntu.com/security/notices/USN-6283-1", + "https://ubuntu.com/security/notices/USN-6300-1", "https://www.cve.org/CVERecord?id=CVE-2023-35829" ], "PublishedDate": "2023-06-18T22:15:00Z", @@ -1535,11 +1553,13 @@ "https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc", "https://nvd.nist.gov/vuln/detail/CVE-2023-3609", "https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html", + "https://security.netapp.com/advisory/ntap-20230818-0005/", "https://ubuntu.com/security/notices/USN-6285-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3609" + "https://www.cve.org/CVERecord?id=CVE-2023-3609", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-07-21T21:15:00Z", - "LastModifiedDate": "2023-07-31T17:25:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3610", 
@@ -1578,12 +1598,13 @@ "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3610", "https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html", + "https://security.netapp.com/advisory/ntap-20230818-0005/", "https://ubuntu.com/security/notices/USN-6285-1", "https://www.cve.org/CVERecord?id=CVE-2023-3610", "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-07-21T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-3611", @@ -1622,10 +1643,11 @@ "https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64", "https://nvd.nist.gov/vuln/detail/CVE-2023-3611", "https://ubuntu.com/security/notices/USN-6285-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3611" + "https://www.cve.org/CVERecord?id=CVE-2023-3611", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-07-21T21:15:00Z", - "LastModifiedDate": "2023-07-31T17:20:00Z" + "LastModifiedDate": "2023-08-19T18:17:00Z" }, { "VulnerabilityID": "CVE-2023-3776", @@ -1664,10 +1686,11 @@ "https://kernel.dance/0323bce598eea038714f941ce2b22541c46d488f", "https://nvd.nist.gov/vuln/detail/CVE-2023-3776", "https://ubuntu.com/security/notices/USN-6285-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3776" + "https://www.cve.org/CVERecord?id=CVE-2023-3776", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-07-21T21:15:00Z", - "LastModifiedDate": "2023-07-31T17:26:00Z" + "LastModifiedDate": "2023-08-19T18:17:00Z" } ] }, 
@@ -3250,7 +3273,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -3259,7 +3284,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -3409,7 +3434,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -3418,7 +3445,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -3568,7 +3595,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -3577,7 +3606,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -3727,7 +3756,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -3736,7 +3767,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -3889,7 +3920,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -3898,7 +3931,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest.txt index eeb648037df..7101f227241 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:34 UTC 2023 +Starting build on Tue Aug 22 16:24:46 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -132,15 +133,15 @@ kubelet/kubectl downloaded: lrwxrwxrwx 1 root root 21 Jul 21 20:08 /usr/local/bin/kata-runtime -> /usr/bin/kata-runtime lrwxrwxrwx 1 root root 21 Jul 21 20:08 /usr/local/bin/kata-monitor -> /usr/bin/kata-monitor lrwxrwxrwx 1 root root 32 Jul 21 20:08 /usr/local/bin/containerd-shim-kata-v2 -> /usr/bin/containerd-shim-kata-v2 --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:11 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:11 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:14 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:14 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:16 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:16 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:16 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-r-xr--r-- 1 root root 2462 Aug 22 16:24 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:24 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:28 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:28 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:30 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:30 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:33 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:33 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:33 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 === Installed Packages Begin 
libgcc-11.2.0-4.cm2.x86_64 pcre-libs-8.45-2.cm2.x86_64 @@ -241,8 +242,6 @@ lvm2-2.03.15-2.cm2.x86_64 pkgconf-m4-1.8.0-3.cm2.noarch libsemanage-3.2-2.cm2.x86_64 shadow-utils-4.9-12.cm2.x86_64 -curl-libs-8.0.1-2.cm2.x86_64 -curl-8.0.1-2.cm2.x86_64 libpkgconf-1.8.0-3.cm2.x86_64 pkgconf-1.8.0-3.cm2.x86_64 pkgconf-pkg-config-1.8.0-3.cm2.x86_64 @@ -338,7 +337,6 @@ python3-jsonpointer-2.2-1.cm2.noarch python3-jsonpatch-1.32-1.cm2.noarch python3-wcwidth-0.2.5-1.cm2.noarch python3-prettytable-3.2.0-2.cm2.noarch -python3-certifi-2022.12.07-1.cm2.noarch python3-charset-normalizer-2.0.11-2.cm2.noarch python3-urllib3-1.26.9-1.cm2.noarch python3-asn1crypto-1.5.1-1.cm2.noarch @@ -570,17 +568,20 @@ bash-5.1.8-3.cm2.x86_64 libcap-2.60-2.cm2.x86_64 rpm-libs-4.18.0-3.cm2.x86_64 openssh-clients-8.9p1-1.cm2.x86_64 -hyperv-daemons-license-5.15.122.1-1.cm2.noarch +hyperv-daemons-license-5.15.125.1-1.cm2.noarch rpm-4.18.0-3.cm2.x86_64 libxml2-2.10.4-1.cm2.x86_64 rpm-devel-4.18.0-3.cm2.x86_64 openssh-server-8.9p1-1.cm2.x86_64 libsolv-0.7.24-1.cm2.x86_64 rpm-build-libs-4.18.0-3.cm2.x86_64 -kernel-5.15.122.1-2.cm2.x86_64 +kernel-5.15.125.1-2.cm2.x86_64 mariner-rpm-macros-2.0-23.cm2.noarch dhcp-libs-4.4.2-5.cm2.x86_64 dhcp-client-4.4.2-5.cm2.x86_64 +nghttp2-1.46.0-3.cm2.x86_64 +curl-libs-8.2.1-1.cm2.x86_64 +curl-8.2.1-1.cm2.x86_64 qemu-virtiofsd-6.2.0-16.cm2.x86_64 tdnf-cli-libs-3.5.2-2.cm2.x86_64 tdnf-3.5.2-2.cm2.x86_64 
@@ -592,13 +593,14 @@ qemu-ipxe-6.2.0-16.cm2.x86_64 qemu-system-x86-core-6.2.0-16.cm2.x86_64 qemu-kvm-core-6.2.0-16.cm2.x86_64 dbus-1.15.2-3.cm2.x86_64 -hypervfcopyd-5.15.122.1-1.cm2.x86_64 -hypervkvpd-5.15.122.1-1.cm2.x86_64 -hypervvssd-5.15.122.1-1.cm2.x86_64 +hypervfcopyd-5.15.125.1-1.cm2.x86_64 +hypervkvpd-5.15.125.1-1.cm2.x86_64 +hypervvssd-5.15.125.1-1.cm2.x86_64 iptables-1.8.7-3.cm2.x86_64 +python3-certifi-2023.05.07-1.cm2.noarch python3-requests-2.27.1-6.cm2.noarch cloud-init-23.2-1.cm2.noarch -mariner-release-2.0-46.cm2.noarch +mariner-release-2.0-48.cm2.noarch core-packages-container-2.0-8.cm2.x86_64 busybox-1.35.0-5.cm2.x86_64 bind-license-9.16.33-2.cm2.noarch @@ -607,14 +609,13 @@ bind-utils-9.16.33-2.cm2.x86_64 kata-containers-3.1.0-3.cm2.x86_64 core-packages-base-image-2.0-8.cm2.x86_64 cloud-init-azure-kvp-23.2-1.cm2.noarch -hyperv-daemons-5.15.122.1-1.cm2.x86_64 +hyperv-daemons-5.15.125.1-1.cm2.x86_64 +librepo-1.15.1-1.cm2.x86_64 python3-rpm-4.18.0-3.cm2.x86_64 openssh-8.9p1-1.cm2.x86_64 -librepo-1.15.1-1.cm2.x86_64 initramfs-2.0-13.cm2.x86_64 glibc-iconv-2.35-4.cm2.x86_64 gmp-6.2.1-3.cm2.x86_64 -nghttp2-1.46.0-3.cm2.x86_64 postgresql-libs-14.8-1.cm2.x86_64 kernel-uvm-5.15.110.mshv2-2.cm2.x86_64 mshv-25357.1.230428-1528.4.cm2.x86_64 @@ -653,7 +654,7 @@ iotop-0.6-10.cm2.noarch ipset-7.15-1.cm2.x86_64 oniguruma-6.9.7.1-1.cm2.x86_64 jq-1.6-1.cm2.x86_64 -kernel-devel-5.15.122.1-2.cm2.x86_64 +kernel-devel-5.15.125.1-2.cm2.x86_64 libtirpc-1.3.3-1.cm2.x86_64 lsof-4.94.0-1.cm2.x86_64 libpcap-1.10.1-1.cm2.x86_64 @@ -696,7 +697,7 @@ devtmpfs 4.0M 0 4.0M 0% /dev tmpfs 7.6G 0 7.6G 0% /dev/shm tmpfs 3.1G 592K 3.1G 1% /run tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup -/dev/sda3 29G 20G 8.2G 71% / +/dev/sda3 29G 20G 8.0G 71% / tmpfs 7.6G 4.0K 7.6G 1% /tmp /dev/sda2 474M 77M 369M 18% /boot /dev/sda1 64M 36M 28M 57% /boot/efi 
@@ -704,10 +705,10 @@ tmpfs 7.6G 4.0K 7.6G 1% /tmp tmpfs 1.6G 0 1.6G 0% /run/user/1000 Using kernel: Linux version 5.15.110.mshv2-3.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Sun Jun 11 05:43:08 UTC 2023 -Install completed successfully on Wed Aug 16 17:29:21 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 16:46:54 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: Hyperv generation: V2 Feature flags: kata @@ -715,7 +716,7 @@ Container runtime: containerd FIPS enabled: false === os-release Begin NAME="Common Base Linux Mariner" -VERSION="2.0.20230805" +VERSION="2.0.20230811" ID=mariner VERSION_ID="2.0" PRETTY_NAME="CBL-Mariner/Linux" diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0-image-list.json new file mode 100644 index 00000000000..04d6bbb8437 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0-image-list.json 
@@ -0,0 +1,817 @@ +{ + "sku": "V2gen2TL", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + 
"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..fe6f0ec0167 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2003 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator 
(gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘
diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..2e0de63314d
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0-trivy-report.json
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmd3j50rbkvt", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "cbl-mariner", + "Name": "2.0.20230811" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmd3j50rbkvt (cbl-mariner 2.0.20230811)", + "Class": "os-pkgs", + "Type": "cbl-mariner" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0.txt new file mode 100644 index 00000000000..c70f5248ea8 --- /dev/null +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/202308.22.0.txt 
@@ -0,0 +1,696 @@ +Starting build on Tue Aug 22 16:26:20 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.5 + - bpftrace v0.16.0 + - nvidia-driver=-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + 
- mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + 
- mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 
/usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:29 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:29 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:34 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +=== Installed Packages Begin +filesystem-1.1-15.cm2.x86_64 +glibc-2.35-4.cm2.x86_64 +libgcc-11.2.0-4.cm2.x86_64 +pcre-libs-8.45-2.cm2.x86_64 +libstdc++-11.2.0-4.cm2.x86_64 +zlib-1.2.13-1.cm2.x86_64 +xz-libs-5.2.5-1.cm2.x86_64 +ncurses-libs-6.4-1.cm2.x86_64 +readline-8.1-1.cm2.x86_64 +libcap-2.60-2.cm2.x86_64 +bzip2-libs-1.0.8-1.cm2.x86_64 +pcre-8.45-2.cm2.x86_64 +gmp-6.2.1-3.cm2.x86_64 +libselinux-3.2-1.cm2.x86_64 +coreutils-8.32-6.cm2.x86_64 +grep-3.7-2.cm2.x86_64 +bash-5.1.8-3.cm2.x86_64 +libsepol-3.2-2.cm2.x86_64 +xz-5.2.5-1.cm2.x86_64 +kmod-29-1.cm2.x86_64 +kernel-5.15.125.1-2.cm2.x86_64 +mariner-release-2.0-48.cm2.noarch +shim-15.4-2.cm2.x86_64 +grub2-efi-binary-2.06-10.cm2.x86_64 +popt-1.18-1.cm2.x86_64 +slang-2.3.2-4.cm2.x86_64 +newt-0.52.21-4.cm2.x86_64 +chkconfig-1.20-3.cm2.x86_64 +ca-certificates-shared-2.0.0-13.cm2.noarch 
+libffi-3.4.2-2.cm2.x86_64 +p11-kit-0.24.1-1.cm2.x86_64 +libtasn1-4.19.0-1.cm2.x86_64 +p11-kit-trust-0.24.1-1.cm2.x86_64 +ca-certificates-tools-2.0.0-13.cm2.noarch +ca-certificates-2.0.0-13.cm2.noarch +util-linux-libs-2.37.4-6.cm2.x86_64 +libgpg-error-1.46-1.cm2.x86_64 +openssl-libs-1.1.1k-24.cm2.x86_64 +libgcrypt-1.9.4-1.cm2.x86_64 +glib-2.71.0-1.cm2.x86_64 +lz4-1.9.3-1.cm2.x86_64 +systemd-rpm-macros-250.3-17.cm2.noarch +libcap-ng-0.8.2-2.cm2.x86_64 +audit-libs-3.0.6-7.cm2.x86_64 +json-c-0.15-1.cm2.x86_64 +cracklib-2.9.7-5.cm2.x86_64 +cracklib-dicts-2.9.7-5.cm2.x86_64 +pam-1.5.1-5.cm2.x86_64 +cryptsetup-libs-2.4.3-3.cm2.x86_64 +systemd-250.3-17.cm2.x86_64 +device-mapper-libs-2.03.15-2.cm2.x86_64 +cronie-1.5.7-2.cm2.x86_64 +cronie-anacron-1.5.7-2.cm2.x86_64 +logrotate-3.20.1-1.cm2.x86_64 +openssl-1.1.1k-24.cm2.x86_64 +sqlite-libs-3.39.2-2.cm2.x86_64 +expat-libs-2.5.0-1.cm2.x86_64 +zstd-libs-1.5.0-1.cm2.x86_64 +elfutils-libelf-0.186-1.cm2.x86_64 +e2fsprogs-libs-1.46.5-3.cm2.x86_64 +krb5-1.19.4-1.cm2.x86_64 +libassuan-2.5.5-2.cm2.x86_64 +expat-2.5.0-1.cm2.x86_64 +libssh2-1.9.0-2.cm2.x86_64 +iana-etc-20211115-2.cm2.noarch +libpwquality-1.4.4-1.cm2.x86_64 +file-libs-5.40-2.cm2.x86_64 +device-mapper-2.03.15-2.cm2.x86_64 +device-mapper-event-libs-2.03.15-2.cm2.x86_64 +ncurses-6.4-1.cm2.x86_64 +lmdb-libs-0.9.29-1.cm2.x86_64 +lua-libs-5.4.4-1.cm2.x86_64 +rpm-libs-4.18.0-3.cm2.x86_64 +libsolv-0.7.24-1.cm2.x86_64 +libedit-3.1.20210910-1.cm2.x86_64 +procps-ng-3.3.17-1.cm2.x86_64 +device-mapper-event-2.03.15-2.cm2.x86_64 +util-linux-2.37.4-6.cm2.x86_64 +file-5.40-2.cm2.x86_64 +cryptsetup-2.4.3-3.cm2.x86_64 +iptables-1.8.7-3.cm2.x86_64 +dbus-1.15.2-3.cm2.x86_64 +pinentry-1.2.0-1.cm2.x86_64 +openssh-clients-8.9p1-1.cm2.x86_64 +e2fsprogs-1.46.5-3.cm2.x86_64 +libarchive-3.6.1-2.cm2.x86_64 +rpm-4.18.0-3.cm2.x86_64 +bc-1.07.1-4.cm2.x86_64 +bridge-utils-1.7.1-1.cm2.x86_64 +cpio-2.13-4.cm2.x86_64 +gdbm-1.21-1.cm2.x86_64 +iputils-20211215-1.cm2.x86_64 +irqbalance-1.8.0-2.cm2.x86_64 
+libtool-2.4.6-8.cm2.x86_64 +mariner-rpm-macros-2.0-23.cm2.noarch +net-tools-2.10-2.cm2.x86_64 +tar-1.34-1.cm2.x86_64 +tzdata-2023c-1.cm2.noarch +which-2.21-8.cm2.x86_64 +libseccomp-2.5.3-1.cm2.x86_64 +nettle-3.7.3-2.cm2.x86_64 +bzip2-1.0.8-1.cm2.x86_64 +ca-certificates-base-2.0.0-13.cm2.noarch +findutils-4.8.0-4.cm2.x86_64 +gzip-1.12-1.cm2.x86_64 +sed-4.8-2.cm2.x86_64 +libmnl-1.0.4-6.cm2.x86_64 +iproute-5.15.0-2.cm2.x86_64 +libaio-0.3.112-4.cm2.x86_64 +lvm2-2.03.15-2.cm2.x86_64 +pkgconf-m4-1.8.0-3.cm2.noarch +libsemanage-3.2-2.cm2.x86_64 +shadow-utils-4.9-12.cm2.x86_64 +tdnf-cli-libs-3.5.2-2.cm2.x86_64 +libpkgconf-1.8.0-3.cm2.x86_64 +pkgconf-1.8.0-3.cm2.x86_64 +pkgconf-pkg-config-1.8.0-3.cm2.x86_64 +bind-license-9.16.33-2.cm2.noarch +libuv-1.43.0-1.cm2.x86_64 +libxml2-2.10.4-1.cm2.x86_64 +bind-libs-9.16.33-2.cm2.x86_64 +bind-utils-9.16.33-2.cm2.x86_64 +chrony-4.1-2.cm2.x86_64 +nghttp2-1.46.0-3.cm2.x86_64 +curl-libs-8.2.1-1.cm2.x86_64 +tdnf-3.5.2-2.cm2.x86_64 +curl-8.2.1-1.cm2.x86_64 +libdb-5.3.28-7.cm2.x86_64 +cyrus-sasl-lib-2.1.28-4.cm2.x86_64 +openldap-2.4.57-8.cm2.x86_64 +sudo-1.9.13p3-2.cm2.x86_64 +libksba-1.6.3-1.cm2.x86_64 +npth-1.6-4.cm2.x86_64 +gnupg2-2.4.0-2.cm2.x86_64 +gpgme-1.16.0-1.cm2.x86_64 +mariner-repos-shared-2.0-8.cm2.noarch +mariner-repos-microsoft-2.0-8.cm2.noarch +mariner-repos-extras-2.0-8.cm2.noarch +mariner-repos-2.0-8.cm2.noarch +tdnf-plugin-repogpgcheck-3.5.2-2.cm2.x86_64 +core-packages-container-2.0-8.cm2.x86_64 +core-packages-base-image-2.0-8.cm2.x86_64 +dracut-055-5.cm2.x86_64 +initramfs-2.0-13.cm2.x86_64 +python3-3.9.14-6.cm2.x86_64 +python3-libs-3.9.14-6.cm2.x86_64 +zchunk-libs-1.1.16-2.cm2.x86_64 +zchunk-1.1.16-2.cm2.x86_64 +librepo-1.15.1-1.cm2.x86_64 +python3-curses-3.9.14-6.cm2.x86_64 +python3-gpg-1.16.0-1.cm2.x86_64 +dnf-data-4.8.0-2.cm2.noarch +libcomps-0.1.18-1.cm2.x86_64 +python3-libcomps-0.1.18-1.cm2.x86_64 +elfutils-default-yama-scope-0.186-1.cm2.noarch +libgomp-11.2.0-4.cm2.x86_64 +popt-devel-1.18-1.cm2.x86_64 
+libyaml-0.2.5-3.cm2.x86_64 +libmodulemd-2.13.0-2.cm2.x86_64 +libdnf-0.63.1-1.cm2.x86_64 +python3-libdnf-0.63.1-1.cm2.x86_64 +python3-hawkey-0.63.1-1.cm2.x86_64 +elfutils-libelf-devel-0.186-1.cm2.x86_64 +xz-devel-5.2.5-1.cm2.x86_64 +zlib-devel-1.2.13-1.cm2.x86_64 +zstd-1.5.0-1.cm2.x86_64 +zstd-devel-1.5.0-1.cm2.x86_64 +elfutils-0.186-1.cm2.x86_64 +elfutils-devel-0.186-1.cm2.x86_64 +rpm-build-libs-4.18.0-3.cm2.x86_64 +rpm-devel-4.18.0-3.cm2.x86_64 +python3-rpm-4.18.0-3.cm2.x86_64 +python3-dnf-4.8.0-2.cm2.noarch +dnf-4.8.0-2.cm2.noarch +wget-1.21.2-1.cm2.x86_64 +python3-six-1.16.0-2.cm2.noarch +python3-markupsafe-2.1.0-1.cm2.x86_64 +python3-idna-3.3-1.cm2.noarch +python3-jinja2-3.0.3-2.cm2.noarch +python3-configobj-5.0.6-7.cm2.noarch +PyYAML-3.13-8.cm2.x86_64 +python3-jsonschema-2.6.0-6.cm2.noarch +python3-netifaces-0.11.0-1.cm2.x86_64 +python3-oauthlib-2.1.0-7.cm2.noarch +python3-setuptools-3.9.14-6.cm2.noarch +dhcp-libs-4.4.2-5.cm2.x86_64 +dhcp-client-4.4.2-5.cm2.x86_64 +python3-jsonpointer-2.2-1.cm2.noarch +python3-jsonpatch-1.32-1.cm2.noarch +python3-wcwidth-0.2.5-1.cm2.noarch +python3-prettytable-3.2.0-2.cm2.noarch +python3-certifi-2023.05.07-1.cm2.noarch +python3-charset-normalizer-2.0.11-2.cm2.noarch +python3-urllib3-1.26.9-1.cm2.noarch +python3-asn1crypto-1.5.1-1.cm2.noarch +python3-pyasn1-0.4.8-1.cm2.noarch +python3-pycparser-2.21-1.cm2.noarch +python3-cffi-1.15.0-2.cm2.x86_64 +python3-pyparsing-3.0.7-1.cm2.noarch +python3-packaging-21.3-1.cm2.noarch +python3-cryptography-3.3.2-4.cm2.x86_64 +python3-pyOpenSSL-18.0.0-8.cm2.noarch +python3-requests-2.27.1-6.cm2.noarch +cloud-init-23.2-1.cm2.noarch +cloud-init-azure-kvp-23.2-1.cm2.noarch +gptfdisk-1.0.8-1.cm2.x86_64 +mpfr-4.1.0-1.cm2.x86_64 +gawk-5.1.0-2.cm2.x86_64 +cloud-utils-growpart-0.32-3.cm2.noarch +grub2-2.06-10.cm2.x86_64 +installkernel-1.0.0-2.cm2.noarch +grubby-8.40-45.cm2.x86_64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +hypervvssd-5.15.125.1-1.cm2.x86_64 +hypervkvpd-5.15.125.1-1.cm2.x86_64 
+hypervfcopyd-5.15.125.1-1.cm2.x86_64 +hyperv-daemons-5.15.125.1-1.cm2.x86_64 +lzo-2.10-4.cm2.x86_64 +squashfs-tools-4.5.1-1.cm2.x86_64 +ethtool-5.16-1.cm2.x86_64 +snappy-1.1.9-2.cm2.x86_64 +kexec-tools-2.0.23-2.cm2.x86_64 +libnl3-3.5.0-3.cm2.x86_64 +wpa_supplicant-2.10-1.cm2.x86_64 +netplan-0.95-1.cm2.x86_64 +ncurses-term-6.4-1.cm2.x86_64 +openssh-server-8.9p1-1.cm2.x86_64 +libestr-0.1.11-1.cm2.x86_64 +libfastjson-0.99.9-1.cm2.x86_64 +gc-8.0.0-4.cm2.x86_64 +libmpc-1.2.1-1.cm2.x86_64 +libstdc++-devel-11.2.0-4.cm2.x86_64 +liblognorm-2.0.6-2.cm2.x86_64 +postgresql-libs-14.8-1.cm2.x86_64 +autogen-libopts-5.18.16-8.cm2.x86_64 +cyrus-sasl-2.1.28-4.cm2.x86_64 +librdkafka1-1.8.2-1.cm2.x86_64 +glibc-iconv-2.35-4.cm2.x86_64 +libltdl-2.4.6-8.cm2.x86_64 +libunistring-0.9.10-5.cm2.x86_64 +guile-2.0.14-4.cm2.x86_64 +gnutls-3.7.7-2.cm2.x86_64 +librelp-1.10.0-1.cm2.x86_64 +make-4.3-2.cm2.x86_64 +libgcc-atomic-11.2.0-4.cm2.x86_64 +libgcc-devel-11.2.0-4.cm2.x86_64 +libgomp-devel-11.2.0-4.cm2.x86_64 +gcc-c++-11.2.0-4.cm2.x86_64 +gcc-11.2.0-4.cm2.x86_64 +perl-vmsish-1.04-488.cm2.noarch +perl-version-0.99.28-488.cm2.noarch +perl-subs-1.04-488.cm2.noarch +perl-ph-5.34.1-488.cm2.x86_64 +perl-perlfaq-5.20210411-488.cm2.noarch +perl-parent-0.238-488.cm2.noarch +perl-mro-1.25-488.cm2.x86_64 +perl-meta-notation-5.34.1-488.cm2.noarch +perl-less-0.03-488.cm2.noarch +perl-if-0.60.900-488.cm2.noarch +perl-filetest-1.03-488.cm2.noarch +perl-ExtUtils-MM-Utils-7.44-488.cm2.noarch +perl-Devel-PPPort-3.62-488.cm2.x86_64 +perl-vars-1.05-488.cm2.noarch +perl-sort-2.04-488.cm2.noarch +perl-overloading-0.02-488.cm2.noarch +perl-lib-0.65-488.cm2.x86_64 +perl-experimental-0.024-488.cm2.noarch +perl-encoding-warnings-0.13-488.cm2.noarch +perl-deprecate-0.04-488.cm2.noarch +perl-constant-1.33-488.cm2.noarch +perl-base-2.27-488.cm2.noarch +perl-autouse-1.11-488.cm2.noarch +perl-Tie-Memoize-1.1-488.cm2.noarch +perl-Env-1.05-488.cm2.noarch +perl-Tie-4.6-488.cm2.noarch +perl-Term-ReadLine-1.17-488.cm2.noarch 
+perl-Term-Cap-1.17-488.cm2.noarch +perl-Module-Loaded-0.08-488.cm2.noarch +perl-CPAN-Meta-Requirements-2.140-488.cm2.noarch +perl-AutoLoader-5.74-488.cm2.noarch +perl-Attribute-Handlers-1.01-488.cm2.noarch +perl-Unicode-Normalize-1.28-488.cm2.x86_64 +perl-Time-Local-1.300-488.cm2.noarch +perl-Time-HiRes-1.9767-488.cm2.x86_64 +perl-Text-Tabs+Wrap-2013.0523-488.cm2.noarch +perl-File-DosGlob-1.12-488.cm2.x86_64 +perl-Text-ParseWords-3.30-488.cm2.noarch +perl-Text-Abbrev-1.02-488.cm2.noarch +perl-Term-Complete-1.403-488.cm2.noarch +perl-Term-ANSIColor-5.01-488.cm2.noarch +perl-sigtrap-1.09-488.cm2.noarch +perl-SelectSaver-1.02-488.cm2.noarch +perl-DirHandle-1.05-488.cm2.noarch +perl-Symbol-1.09-488.cm2.noarch +perl-Socket-2.031-488.cm2.x86_64 +perl-Search-Dict-1.07-488.cm2.noarch +perl-threads-shared-1.62-488.cm2.x86_64 +perl-Thread-3.05-488.cm2.noarch +perl-threads-2.26-488.cm2.x86_64 +perl-Text-Balanced-2.04-488.cm2.noarch +perl-NEXT-0.68-488.cm2.noarch +perl-overload-1.33-488.cm2.noarch +perl-Time-Piece-1.3401-488.cm2.x86_64 +perl-Tie-RefHash-1.40-488.cm2.noarch +perl-Thread-Semaphore-2.13-488.cm2.noarch +perl-Thread-Queue-3.14-488.cm2.noarch +perl-Module-CoreList-5.20220313-488.cm2.noarch +perl-Scalar-List-Utils-1.55-488.cm2.x86_64 +perl-Pod-Functions-1.13-488.cm2.noarch +perl-Pod-Escapes-1.07-488.cm2.noarch +perl-Perl-OSType-1.010-488.cm2.noarch +perl-Opcode-1.50-488.cm2.x86_64 +perl-Math-Complex-1.59-488.cm2.noarch +perl-bignum-0.51-488.cm2.noarch +perl-Math-BigRat-0.2614-488.cm2.noarch +perl-Math-BigInt-FastCalc-0.500.900-488.cm2.x86_64 +perl-Math-BigInt-1.9998.18-488.cm2.noarch +perl-PerlIO-via-QuotedPrint-0.09-488.cm2.noarch +perl-MIME-Base64-3.16-488.cm2.x86_64 +perl-I18N-Langinfo-0.19-488.cm2.x86_64 +perl-Params-Check-0.38-488.cm2.noarch +perl-Locale-Maketext-Simple-0.21-488.cm2.noarch +perl-Locale-Maketext-1.29-488.cm2.noarch +perl-I18N-LangTags-0.45-488.cm2.noarch +perl-Hash-Util-FieldHash-1.21-488.cm2.x86_64 +perl-fields-2.27-488.cm2.noarch 
+perl-Hash-Util-0.25-488.cm2.x86_64 +perl-Getopt-Std-1.13-488.cm2.noarch +perl-Filter-Simple-0.96-488.cm2.noarch +perl-Filter-1.59-488.cm2.x86_64 +perl-FileCache-1.10-488.cm2.noarch +perl-File-Compare-1.100.600-488.cm2.noarch +perl-File-Basename-2.85-488.cm2.noarch +perl-locale-1.10-488.cm2.noarch +perl-Tie-File-1.06-488.cm2.noarch +perl-Sys-Syslog-0.36-488.cm2.x86_64 +perl-Sys-Hostname-1.23-488.cm2.x86_64 +perl-I18N-Collate-1.02-488.cm2.noarch +perl-POSIX-1.97-488.cm2.x86_64 +perl-Fcntl-1.14-488.cm2.x86_64 +perl-Errno-1.33-488.cm2.x86_64 +perl-English-1.11-488.cm2.noarch +perl-Digest-MD5-2.58-488.cm2.x86_64 +perl-Digest-1.19-488.cm2.noarch +perl-Dumpvalue-2.27-488.cm2.noarch +perl-Devel-Peek-1.30-488.cm2.x86_64 +perl-Config-Perl-V-0.33-488.cm2.noarch +perl-Config-Extensions-0.03-488.cm2.noarch +perl-Compress-Raw-Zlib-2.101-488.cm2.x86_64 +perl-User-pwent-1.03-488.cm2.noarch +perl-Time-1.03-488.cm2.noarch +perl-Net-1.02-488.cm2.noarch +perl-File-stat-1.09-488.cm2.noarch +perl-Class-Struct-0.66-488.cm2.noarch +perl-Benchmark-1.23-488.cm2.noarch +perl-autodie-2.34-488.cm2.noarch +perl-Safe-2.43-488.cm2.noarch +perl-ExtUtils-Constant-0.25-488.cm2.noarch +perl-Data-Dumper-2.179-488.cm2.x86_64 +perl-CPAN-Meta-YAML-0.018-488.cm2.noarch +perl-B-1.82-488.cm2.x86_64 +perl-blib-1.07-488.cm2.noarch +perl-Unicode-Collate-1.29-488.cm2.x86_64 +perl-Module-Load-0.36-488.cm2.noarch +perl-Unicode-UCD-0.75-488.cm2.noarch +perl-Memoize-1.03-488.cm2.noarch +perl-Storable-3.23-488.cm2.x86_64 +perl-SelfLoader-1.26-488.cm2.noarch +perl-IPC-Open3-1.21-488.cm2.noarch +perl-IO-Socket-IP-0.41-488.cm2.noarch +perl-HTTP-Tiny-0.076-488.cm2.noarch +perl-libnet-3.13-488.cm2.noarch +perl-Net-Ping-2.74-488.cm2.noarch +perl-FileHandle-2.03-488.cm2.noarch +perl-IO-1.46-488.cm2.x86_64 +perl-FindBin-1.52-488.cm2.noarch +perl-debugger-1.60-488.cm2.noarch +perl-Test-Simple-1.302183-488.cm2.noarch +perl-Test-1.31-488.cm2.noarch +perl-Compress-Raw-Bzip2-2.101-488.cm2.x86_64 
+perl-File-Temp-0.231.100-488.cm2.noarch +perl-File-Path-2.18-488.cm2.noarch +perl-IPC-Cmd-1.04-488.cm2.noarch +perl-Module-Load-Conditional-0.74-488.cm2.noarch +perl-Module-Metadata-1.000037-488.cm2.noarch +perl-ExtUtils-Command-7.62-488.cm2.noarch +perl-File-Find-1.39-488.cm2.noarch +perl-File-Fetch-1.00-488.cm2.noarch +perl-File-Copy-2.35-488.cm2.noarch +perl-ExtUtils-Manifest-1.73-488.cm2.noarch +perl-Devel-SelfStubber-1.06-488.cm2.noarch +perl-AutoSplit-5.74-488.cm2.noarch +perl-open-1.12-488.cm2.noarch +perl-encoding-3.00-488.cm2.x86_64 +perl-utils-5.34.1-488.cm2.noarch +perl-diagnostics-1.37-488.cm2.noarch +perl-Test-Harness-3.43-488.cm2.noarch +perl-podlators-4.14-488.cm2.noarch +perl-Pod-Simple-3.42-488.cm2.noarch +perl-Pod-Html-1.27-488.cm2.noarch +perl-Pod-Checker-1.74-488.cm2.noarch +perl-Module-CoreList-tools-5.20220313-488.cm2.noarch +perl-ExtUtils-ParseXS-3.43-488.cm2.noarch +perl-Digest-SHA-6.02-488.cm2.x86_64 +perl-Getopt-Long-2.52-488.cm2.noarch +perl-Pod-Usage-2.01-488.cm2.noarch +perl-JSON-PP-4.06-488.cm2.noarch +perl-IO-Zlib-1.11-488.cm2.noarch +perl-Archive-Tar-2.38-488.cm2.noarch +perl-IO-Compress-2.102-488.cm2.noarch +perl-DBM_Filter-0.06-488.cm2.noarch +perl-CPAN-Meta-2.150010-488.cm2.noarch +perl-IPC-SysV-2.09-488.cm2.x86_64 +perl-libnetcfg-5.34.1-488.cm2.noarch +perl-ExtUtils-Miniperl-1.10-488.cm2.noarch +perl-ExtUtils-Embed-1.35-488.cm2.noarch +perl-Encode-devel-3.08-488.cm2.noarch +perl-devel-5.34.1-488.cm2.x86_64 +perl-ExtUtils-Install-2.20-488.cm2.noarch +perl-CPAN-2.28-488.cm2.noarch +perl-ExtUtils-MakeMaker-7.62-488.cm2.noarch +perl-ExtUtils-CBuilder-0.280236-488.cm2.noarch +perl-ODBM_File-1.17-488.cm2.x86_64 +perl-NDBM_File-1.15-488.cm2.x86_64 +perl-GDBM_File-1.19-488.cm2.x86_64 +perl-PathTools-3.80-488.cm2.x86_64 +perl-Exporter-5.76-488.cm2.noarch +perl-Pod-Perldoc-3.28.01-488.cm2.noarch +perl-Encode-3.08-488.cm2.x86_64 +perl-DynaLoader-1.50-488.cm2.x86_64 +perl-Carp-1.52-488.cm2.noarch +perl-5.34.1-488.cm2.x86_64 
+perl-libs-5.34.1-488.cm2.x86_64 +perl-doc-5.34.1-488.cm2.noarch +perl-macros-5.34.1-488.cm2.noarch +perl-interpreter-5.34.1-488.cm2.x86_64 +net-snmp-libs-5.9.1-2.cm2.x86_64 +rsyslog-8.2204.1-3.cm2.x86_64 +sgx-backwards-compatability-1.0.0-1.cm2.x86_64 +openssh-8.9p1-1.cm2.x86_64 +python3-distro-1.6.0-2.cm2.noarch +WALinuxAgent-2.3.1.1-3.cm2.noarch +iw-5.9-1.cm2.x86_64 +wireless-regdb-2022.08.12-1.cm2.noarch +gpg-pubkey-3135ce90-5e6fda74 +gpg-pubkey-be1229cf-5631588c +inotify-tools-3.22.1.0-1.cm2.x86_64 +fuse-2.9.7-10.cm2.x86_64 +boost-1.76.0-3.cm2.x86_64 +blobfuse-1.4.5-10.cm2.x86_64 +python3-dbus-1.2.16-3.cm2.x86_64 +python3-dateutil-2.7.3-5.cm2.noarch +python3-dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-plugins-core-4.0.24-3.cm2.noarch +dnf-utils-4.0.24-3.cm2.noarch +check-restart-1.0.0-2.cm2.x86_64 +keyutils-1.6.1-1.cm2.x86_64 +cifs-utils-6.14-2.cm2.x86_64 +libnfnetlink-1.0.1-5.cm2.x86_64 +libnetfilter_conntrack-1.0.8-1.cm2.x86_64 +libnetfilter_queue-1.0.5-1.cm2.x86_64 +libnetfilter_cttimeout-1.0.0-5.cm2.x86_64 +libnetfilter_cthelper-1.0.0-5.cm2.x86_64 +conntrack-tools-1.4.5-7.cm2.x86_64 +dnf-automatic-4.8.0-2.cm2.noarch +ebtables-legacy-2.0.11-6.cm2.x86_64 +apr-1.7.2-1.cm2.x86_64 +apr-util-1.6.3-1.cm2.x86_64 +utf8proc-2.6.1-2.cm2.x86_64 +libserf-1.3.9-8.cm2.x86_64 +subversion-1.14.2-1.cm2.x86_64 +subversion-perl-1.14.2-1.cm2.x86_64 +perl-YAML-1.30-2.cm2.noarch +perl-DBI-1.643-2.cm2.x86_64 +perl-CGI-4.54-3.cm2.noarch +less-590-2.cm2.x86_64 +git-2.33.8-1.cm2.x86_64 +iotop-0.6-10.cm2.noarch +ipset-7.15-1.cm2.x86_64 +oniguruma-6.9.7.1-1.cm2.x86_64 +jq-1.6-1.cm2.x86_64 +kernel-devel-5.15.125.1-2.cm2.x86_64 +libtirpc-1.3.3-1.cm2.x86_64 +lsof-4.94.0-1.cm2.x86_64 +libpcap-1.10.1-1.cm2.x86_64 +nmap-ncat-7.93-1.cm2.x86_64 +rpcbind-1.2.5-5.cm2.x86_64 +libnfsidmap-2.5.4-2.cm2.x86_64 +libevent-2.1.12-1.cm2.x86_64 +nfs-utils-2.5.4-2.cm2.x86_64 +pigz-2.6-2.cm2.x86_64 +psmisc-23.4-1.cm2.x86_64 +socat-1.7.4.3-1.cm2.x86_64 +sysstat-12.7.1-2.cm2.x86_64 
+traceroute-2.1.0-6.cm2.x86_64 +zip-3.0-5.cm2.x86_64 +libapparmor-3.0.4-1.cm2.x86_64 +apparmor-parser-3.0.4-1.cm2.x86_64 +fuse3-libs-3.10.5-2.cm2.x86_64 +fuse-common-3.10.5-2.cm2.x86_64 +fuse3-3.10.5-2.cm2.x86_64 +blobfuse2-2.0.5-1.cm2.x86_64 +libnftnl-1.2.1-1.cm2.x86_64 +jansson-2.14-1.cm2.x86_64 +nftables-1.0.1-1.cm2.x86_64 +moby-runc-1.1.5-2.cm2.x86_64 +moby-containerd-1.6.18-5.cm2.x86_64 +llvm-12.0.1-7.cm2.x86_64 +binutils-devel-2.37-5.cm2.x86_64 +binutils-2.37-5.cm2.x86_64 +compiler-rt-12.0.1-1.cm2.x86_64 +clang-libs-12.0.1-4.cm2.x86_64 +bcc-0.27.0-1.cm2.x86_64 +clang-12.0.1-4.cm2.x86_64 +libbpf-1.0.1-1.cm2.x86_64 +bpftrace-0.16.0-1.cm2.x86_64 +python3-bcc-0.27.0-1.cm2.x86_64 +bcc-tools-0.27.0-1.cm2.x86_64 +bcc-examples-0.27.0-1.cm2.x86_64 +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +devtmpfs 4.0M 0 4.0M 0% /dev +tmpfs 3.3G 0 3.3G 0% /dev/shm +tmpfs 1.4G 8.6M 1.3G 1% /run +tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup +/dev/sda3 29G 19G 8.7G 69% / +tmpfs 3.3G 4.0K 3.3G 1% /tmp +/dev/sda2 459M 31M 399M 8% /boot +/dev/sda1 64M 2.3M 62M 4% /boot/efi +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 668M 0 668M 0% /run/user/1000 +Using kernel: +Linux version 5.15.125.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Fri Aug 11 02:17:58 UTC 2023 +Install completed successfully on Tue Aug 22 16:51:40 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: false +=== os-release Begin +NAME="Common Base Linux Mariner" +VERSION="2.0.20230811" +ID=mariner +VERSION_ID="2.0" +PRETTY_NAME="CBL-Mariner/Linux" +ANSI_COLOR="1;34" +HOME_URL="https://aka.ms/cbl-mariner" +BUG_REPORT_URL="https://aka.ms/cbl-mariner" +SUPPORT_URL="https://aka.ms/cbl-mariner" +=== os-release End 
diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-image-list.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-image-list.json index fb095489c8a..04d6bbb8437 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "V2gen2TL", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ 
@@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ 
diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-trivy-images-table.txt index 030c20a20c7..fe6f0ec0167 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-trivy-report.json b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-trivy-report.json index b4d60fe22b0..2e0de63314d 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest-trivy-report.json @@ -1,11 +1,11 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvm6nae05nvhl", + "ArtifactName": "pkrvmd3j50rbkvt", "ArtifactType": "filesystem", "Metadata": { "OS": { "Family": "cbl-mariner", - "Name": "2.0.20230805" + "Name": "2.0.20230811" }, "ImageConfig": { "architecture": "", @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvm6nae05nvhl (cbl-mariner 2.0.20230805)", + "Target": "pkrvmd3j50rbkvt (cbl-mariner 2.0.20230811)", "Class": "os-pkgs", "Type": "cbl-mariner" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest.txt b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest.txt index 1dc7595bdee..c70f5248ea8 100644 --- a/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest.txt +++ b/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2tl/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:01 UTC 2023 +Starting build on Tue Aug 22 16:26:20 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -129,15 +130,15 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:10 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:10 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:12 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:12 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:15 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:15 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:15 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:29 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:29 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:34 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 === Installed Packages Begin filesystem-1.1-15.cm2.x86_64 glibc-2.35-4.cm2.x86_64 
@@ -159,8 +160,8 @@ bash-5.1.8-3.cm2.x86_64 libsepol-3.2-2.cm2.x86_64 xz-5.2.5-1.cm2.x86_64 kmod-29-1.cm2.x86_64 -kernel-5.15.122.1-2.cm2.x86_64 -mariner-release-2.0-46.cm2.noarch +kernel-5.15.125.1-2.cm2.x86_64 +mariner-release-2.0-48.cm2.noarch shim-15.4-2.cm2.x86_64 grub2-efi-binary-2.06-10.cm2.x86_64 popt-1.18-1.cm2.x86_64 @@ -263,9 +264,9 @@ bind-libs-9.16.33-2.cm2.x86_64 bind-utils-9.16.33-2.cm2.x86_64 chrony-4.1-2.cm2.x86_64 nghttp2-1.46.0-3.cm2.x86_64 -curl-libs-8.0.1-2.cm2.x86_64 +curl-libs-8.2.1-1.cm2.x86_64 tdnf-3.5.2-2.cm2.x86_64 -curl-8.0.1-2.cm2.x86_64 +curl-8.2.1-1.cm2.x86_64 libdb-5.3.28-7.cm2.x86_64 cyrus-sasl-lib-2.1.28-4.cm2.x86_64 openldap-2.4.57-8.cm2.x86_64 @@ -330,7 +331,7 @@ python3-jsonpointer-2.2-1.cm2.noarch python3-jsonpatch-1.32-1.cm2.noarch python3-wcwidth-0.2.5-1.cm2.noarch python3-prettytable-3.2.0-2.cm2.noarch -python3-certifi-2022.12.07-1.cm2.noarch +python3-certifi-2023.05.07-1.cm2.noarch python3-charset-normalizer-2.0.11-2.cm2.noarch python3-urllib3-1.26.9-1.cm2.noarch python3-asn1crypto-1.5.1-1.cm2.noarch @@ -351,11 +352,11 @@ cloud-utils-growpart-0.32-3.cm2.noarch grub2-2.06-10.cm2.x86_64 installkernel-1.0.0-2.cm2.noarch grubby-8.40-45.cm2.x86_64 -hyperv-daemons-license-5.15.122.1-1.cm2.noarch -hypervvssd-5.15.122.1-1.cm2.x86_64 -hypervkvpd-5.15.122.1-1.cm2.x86_64 -hypervfcopyd-5.15.122.1-1.cm2.x86_64 -hyperv-daemons-5.15.122.1-1.cm2.x86_64 +hyperv-daemons-license-5.15.125.1-1.cm2.noarch +hypervvssd-5.15.125.1-1.cm2.x86_64 +hypervkvpd-5.15.125.1-1.cm2.x86_64 +hypervfcopyd-5.15.125.1-1.cm2.x86_64 +hyperv-daemons-5.15.125.1-1.cm2.x86_64 lzo-2.10-4.cm2.x86_64 squashfs-tools-4.5.1-1.cm2.x86_64 ethtool-5.16-1.cm2.x86_64 @@ -620,7 +621,7 @@ iotop-0.6-10.cm2.noarch ipset-7.15-1.cm2.x86_64 oniguruma-6.9.7.1-1.cm2.x86_64 jq-1.6-1.cm2.x86_64 -kernel-devel-5.15.122.1-2.cm2.x86_64 +kernel-devel-5.15.125.1-2.cm2.x86_64 libtirpc-1.3.3-1.cm2.x86_64 lsof-4.94.0-1.cm2.x86_64 libpcap-1.10.1-1.cm2.x86_64 
@@ -665,18 +666,18 @@ devtmpfs 4.0M 0 4.0M 0% /dev tmpfs 3.3G 0 3.3G 0% /dev/shm tmpfs 1.4G 8.6M 1.3G 1% /run tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup -/dev/sda3 29G 19G 8.9G 68% / +/dev/sda3 29G 19G 8.7G 69% / tmpfs 3.3G 4.0K 3.3G 1% /tmp /dev/sda2 459M 31M 399M 8% /boot /dev/sda1 64M 2.3M 62M 4% /boot/efi /dev/sdb1 14G 28K 13G 1% /mnt tmpfs 668M 0 668M 0% /run/user/1000 Using kernel: -Linux version 5.15.122.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Sat Aug 5 04:51:06 UTC 2023 -Install completed successfully on Wed Aug 16 17:29:45 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Linux version 5.15.125.1-2.cm2 (root@CBL-Mariner) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Fri Aug 11 02:17:58 UTC 2023 +Install completed successfully on Tue Aug 22 16:51:40 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: Hyperv generation: V2 Feature flags: None @@ -684,7 +685,7 @@ Container runtime: containerd FIPS enabled: false === os-release Begin NAME="Common Base Linux Mariner" -VERSION="2.0.20230805" +VERSION="2.0.20230811" ID=mariner VERSION_ID="2.0" PRETTY_NAME="CBL-Mariner/Linux" diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..2466e7a113e --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "1804containerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..89fa843568d
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0-trivy-report.json
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmn2k1hzafu3", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "18.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmn2k1hzafu3 (ubuntu 18.04)", + "Class": "os-pkgs", + "Type": "ubuntu" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0.txt new file mode 100644 index 00000000000..ea48925aa1f --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/202308.22.0.txt 
@@ -0,0 +1,846 @@ +Starting build on Tue Aug 22 16:25:24 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 
19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 593 Aug 22 16:25 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:37 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:37 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:39 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:39 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:39 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:41 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... 
+accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +acl/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +acpid/bionic,now 1:2.0.28-1ubuntu1 amd64 [installed] +adduser/bionic,now 3.116ubuntu1 all [installed,automatic] +apparmor/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +apt/bionic-updates,now 1.6.17 amd64 [installed,automatic] +apt-transport-https/bionic-updates,now 1.6.17 all [installed] +apt-utils/bionic-updates,now 1.6.17 amd64 [installed,automatic] +at/bionic,now 3.1.20-3.1ubuntu2 amd64 [installed] +attr/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +base-files/bionic-updates,now 10.1ubuntu2.11 amd64 [installed,automatic] +base-passwd/bionic,now 3.5.44 amd64 [installed,automatic] +bash/bionic-updates,bionic-security,now 4.4.18-2ubuntu1.3 amd64 [installed] +bash-completion/bionic,now 1:2.8-1ubuntu1 all [installed,automatic] +bc/bionic,now 1.07.1-2 amd64 [installed,automatic] +bcache-tools/bionic-updates,now 1.0.8-2ubuntu0.18.04.1 amd64 [installed] +bind9-host/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +binfmt-support/bionic,now 2.1.8-2 amd64 [installed,automatic] +binutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +binutils-common/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +binutils-x86-64-linux-gnu/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +blobfuse/bionic,now 1.4.5 amd64 [installed] +blobfuse2/bionic,now 2.0.5 amd64 [installed] +bsdmainutils/bionic,now 11.1.2ubuntu1 amd64 [installed,automatic] +bsdutils/bionic-updates,bionic-security,now 1:2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +btrfs-progs/bionic,now 4.15.1-1build1 amd64 [installed,automatic] +btrfs-tools/bionic,now 4.15.1-1build1 amd64 [installed] +build-essential/bionic,now 12.4ubuntu1 amd64 [installed] +busybox-initramfs/bionic-updates,bionic-security,now 
1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +busybox-static/bionic-updates,bionic-security,now 1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +byobu/bionic,now 5.125-0ubuntu1 all [installed] +bzip2/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +ca-certificates/bionic-updates,bionic-security,now 20230311ubuntu0.18.04.1 all [installed] +ceph-common/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed] +cgroup-lite/bionic,now 1.15 all [installed] +chrony/bionic-updates,bionic-security,now 3.2-4ubuntu4.5 amd64 [installed] +cifs-utils/bionic-updates,bionic-security,now 2:6.8-1ubuntu1.2 amd64 [installed] +cloud-guest-utils/bionic,now 0.30-0ubuntu5 all [installed] +cloud-init/bionic-updates,bionic-security,now 23.1.2-0ubuntu0~18.04.1 all [installed] +cloud-initramfs-copymods/bionic-updates,now 0.40ubuntu1.1 all [installed] +cloud-initramfs-dyn-netconf/bionic-updates,now 0.40ubuntu1.1 all [installed] +command-not-found/bionic-updates,now 18.04.6 all [installed,automatic] +command-not-found-data/bionic-updates,now 18.04.6 amd64 [installed,automatic] +conntrack/bionic,now 1:1.4.4+snapshot20161117-6ubuntu2 amd64 [installed] +console-setup/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +console-setup-linux/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +coreutils/bionic,now 8.28-1ubuntu1 amd64 [installed,automatic] +cpio/bionic-updates,bionic-security,now 2.12+dfsg-6ubuntu0.18.04.4 amd64 [installed,automatic] +cpp/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +cpp-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +cracklib-runtime/bionic,now 2.9.2-5build1 amd64 [installed] +crda/bionic,now 3.18-1build1 amd64 [installed] +cron/bionic-updates,bionic-security,now 3.0pl1-128.1ubuntu1.2 amd64 [installed,automatic] +cryptsetup/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] 
+cryptsetup-bin/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +curl/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed] +dash/bionic,now 0.5.8-2.10 amd64 [installed] +dbus/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +dbus-user-session/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debconf-i18n/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debianutils/bionic,now 4.8.4 amd64 [installed,automatic] +diffutils/bionic,now 1:3.6-1 amd64 [installed] +dirmngr/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 amd64 [installed,automatic] +distro-info-data/bionic-updates,now 0.37ubuntu0.17 all [installed,automatic] +dkms/bionic-updates,now 2.3-3ubuntu9.7 all [installed] +dmeventd/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dmidecode/bionic-updates,now 3.1-1ubuntu0.1 amd64 [installed,automatic] +dmsetup/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dns-root-data/bionic,now 2018013001 all [installed,automatic] +dnsmasq-base/bionic-updates,bionic-security,now 2.79-1ubuntu0.7 amd64 [installed,automatic] +dnsutils/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +dosfstools/bionic,now 4.1-1 amd64 [installed,automatic] +dpkg/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 amd64 [installed,automatic] +dpkg-dev/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +e2fsprogs/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +eatmydata/bionic,now 105-6 all [installed] +ebtables/bionic-updates,now 2.0.10.4-3.5ubuntu2.18.04.3 amd64 [installed] +ed/bionic,now 1.10-2.1 amd64 [installed,automatic] +efibootmgr/bionic,now 15-1 amd64 [installed,automatic] +eject/bionic,now 
2.1.5+deb1+cvs20081104-13.2 amd64 [installed,automatic] +ethtool/bionic,now 1:4.15-0ubuntu1 amd64 [installed] +fdisk/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +file/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +findutils/bionic,now 4.6.0+git+20170828-2 amd64 [installed] +fonts-ubuntu-console/bionic,now 0.83-2 all [installed] +friendly-recovery/bionic-updates,now 0.2.38ubuntu1.2 all [installed,automatic] +ftp/bionic,now 0.17-34 amd64 [installed,automatic] +fuse/bionic,now 2.9.7-1ubuntu1 amd64 [installed] +g++/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +g++-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gawk/bionic,now 1:4.1.4+dfsg-1build1 amd64 [installed,automatic] +gcc/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed] +gcc-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-7-base/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-8-base/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +gdisk/bionic,now 1.0.3-1 amd64 [installed,automatic] +geoip-database/bionic,now 20180315-1 all [installed,automatic] +gettext-base/bionic-updates,bionic-security,now 0.19.8.1-6ubuntu0.3 amd64 [installed,automatic] +gir1.2-glib-2.0/bionic,now 1.56.1-1 amd64 [installed,automatic] +git/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 amd64 [installed] +git-man/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 all [installed,automatic] +glusterfs-client/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +glusterfs-common/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +gnupg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +gnupg-l10n/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 all [installed,automatic] +gnupg-utils/bionic-updates,bionic-security,now 
2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-agent/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-client/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-server/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgconf/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgsm/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgv/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +grep/bionic-updates,now 3.1-2build1 amd64 [installed] +groff-base/bionic,now 1.22.3-10 amd64 [installed,automatic] +grub-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-efi-amd64-bin/bionic-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/bionic-updates,now 1.187.3~18.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/bionic,now 0.7 amd64 [installed,automatic] +grub-pc/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-pc-bin/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub2-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +gzip/bionic-updates,bionic-security,now 1.6-5ubuntu1.2 amd64 [installed] +hdparm/bionic,now 9.54+ds-1 amd64 [installed,automatic] +hostname/bionic,now 3.20 amd64 [installed] +htop/bionic,now 2.1.0-3 amd64 [installed] +iftop/bionic,now 1.0~pre4-4 amd64 [installed] +info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +init/bionic,now 1.51 amd64 [installed] +init-system-helpers/bionic,now 1.51 all [installed] +initramfs-tools/bionic-updates,now 0.130ubuntu3.13 all [installed] +initramfs-tools-bin/bionic-updates,now 0.130ubuntu3.13 amd64 [installed,automatic] +initramfs-tools-core/bionic-updates,now 0.130ubuntu3.13 all [installed,automatic] 
+inotify-tools/bionic,now 3.14-2 amd64 [installed] +install-info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +iotop/bionic,now 0.6-2 amd64 [installed] +iproute2/bionic-updates,now 4.15.0-2ubuntu1.3 amd64 [installed] +ipset/bionic,now 6.34-1 amd64 [installed] +iptables/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed] +iputils-ping/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +iputils-tracepath/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +irqbalance/bionic-updates,now 1.3.0-0.1ubuntu0.18.04.1 amd64 [installed,automatic] +isc-dhcp-client/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +isc-dhcp-common/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +iso-codes/bionic,now 3.79-1 all [installed,automatic] +iw/bionic,now 4.14-0.1 amd64 [installed] +jq/bionic,now 1.5+dfsg-2 amd64 [installed] +kbd/bionic,now 2.0.4-2ubuntu1 amd64 [installed,automatic] +keyboard-configuration/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +keyutils/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed] +klibc-utils/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +kmod/bionic-updates,now 24-1ubuntu3.5 amd64 [installed] +krb5-locales/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 all [installed,automatic] +landscape-common/bionic-updates,now 18.01-0ubuntu3.6 amd64 [installed] +language-selector-common/bionic-updates,now 0.188.3 all [installed,automatic] +less/bionic,now 487-0.1 amd64 [installed,automatic] +libaccountsservice0/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +libacl1/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libacl1-dev/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libaio1/bionic-updates,now 0.3.110-5ubuntu0.1 amd64 [installed,automatic] +libapparmor1/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +libapt-inst2.0/bionic-updates,now 1.6.17 
amd64 [installed,automatic] +libapt-pkg5.0/bionic-updates,now 1.6.17 amd64 [installed,automatic] +libargon2-0/bionic,now 0~20161029-1.1 amd64 [installed,automatic] +libasan4/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libasn1-8-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libassuan0/bionic,now 2.5.1-2 amd64 [installed,automatic] +libatm1/bionic,now 1:2.5.1-2build1 amd64 [installed,automatic] +libatomic1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libattr1/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libattr1-dev/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libaudit-common/bionic-updates,now 1:2.8.2-1ubuntu1.1 all [installed,automatic] +libaudit1/bionic-updates,now 1:2.8.2-1ubuntu1.1 amd64 [installed,automatic] +libavahi-client3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common-data/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libbabeltrace1/bionic,now 1.5.5-1 amd64 [installed,automatic] +libbind9-160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libbinutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +libblkid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libbsd0/bionic-updates,bionic-security,now 0.8.7-1ubuntu0.1 amd64 [installed,automatic] +libbz2-1.0/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +libc-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc-dev-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6-dev/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libcap-ng0/bionic,now 0.7.7-3.1 amd64 [installed,automatic] +libcap2/now 1:2.25-1.2ubuntu0.1~esm1 amd64 
[installed,local] +libcap2-bin/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libcc1-0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libcephfs2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +libcilkrts5/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libcom-err2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libcrack2/bionic,now 2.9.2-5build1 amd64 [installed,automatic] +libcryptsetup12/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +libcups2/now 2.2.7-1ubuntu2.10+esm1 amd64 [installed,local] +libcurl3-gnutls/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libcurl4/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libdb5.3/bionic-updates,bionic-security,now 5.3.28-13.1ubuntu1.1 amd64 [installed,automatic] +libdbus-1-3/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +libdebconfclient0/bionic,now 0.213ubuntu1 amd64 [installed,automatic] +libdevmapper-event1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdevmapper1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdns-export1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libdns1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libdpkg-perl/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +libdrm-common/bionic-updates,now 2.4.101-2~18.04.1 all [installed,automatic] +libdrm2/bionic-updates,now 2.4.101-2~18.04.1 amd64 [installed,automatic] +libdumbnet1/bionic,now 1.12-7build1 amd64 [installed] +libdw1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed] +libeatmydata1/bionic,now 105-6 amd64 [installed] +libedit2/bionic,now 3.1-20170329-1 amd64 [installed,automatic] +libefiboot1/bionic,now 34-1 
amd64 [installed,automatic] +libefivar1/bionic,now 34-1 amd64 [installed,automatic] +libelf1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed,automatic] +liberror-perl/bionic,now 0.17025-1 all [installed,automatic] +libestr0/bionic,now 0.1.10-2.1 amd64 [installed,automatic] +libevent-2.1-6/bionic,now 2.1.8-stable-4build1 amd64 [installed,automatic] +libexpat1/bionic-updates,bionic-security,now 2.2.5-3ubuntu0.9 amd64 [installed,automatic] +libext2fs2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libfastjson4/bionic,now 0.99.8-2 amd64 [installed,automatic] +libfdisk1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libffi6/bionic,now 3.2.1-8 amd64 [installed,automatic] +libfreetype6/bionic-updates,bionic-security,now 2.8.1-2ubuntu2.2 amd64 [installed,automatic] +libfribidi0/bionic-updates,bionic-security,now 0.19.7-2ubuntu0.1 amd64 [installed,automatic] +libfuse2/bionic,now 2.9.7-1ubuntu1 amd64 [installed,automatic] +libgcc-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libgcc1/bionic-updates,bionic-security,now 1:8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgcrypt20/bionic-updates,bionic-security,now 1.8.1-4ubuntu1.3 amd64 [installed,automatic] +libgdbm-compat4/bionic,now 1.14.1-6 amd64 [installed,automatic] +libgdbm5/bionic,now 1.14.1-6 amd64 [installed,automatic] +libgeoip1/bionic,now 1.6.12-1 amd64 [installed,automatic] +libgirepository-1.0-1/bionic,now 1.56.1-1 amd64 [installed,automatic] +libglib2.0-0/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 amd64 [installed,automatic] +libglib2.0-data/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 all [installed,automatic] +libgmp10/bionic-updates,bionic-security,now 2:6.1.2+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libgnutls30/bionic-updates,bionic-security,now 3.5.18-1ubuntu1.6 amd64 [installed,automatic] +libgomp1/bionic-updates,bionic-security,now 
8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgoogle-perftools4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libgpg-error0/bionic,now 1.27-6 amd64 [installed,automatic] +libgpm2/bionic,now 1.20.7-5 amd64 [installed,automatic] +libgssapi-krb5-2/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libgssapi3-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhcrypto4-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimbase1-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimntlm0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhogweed4/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libhx509-5-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libibverbs1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libicu60/bionic-updates,bionic-security,now 60.2-3ubuntu3.2 amd64 [installed,automatic] +libidn11/bionic-updates,now 1.33-2.1ubuntu1.2 amd64 [installed,automatic] +libidn2-0/bionic-updates,bionic-security,now 2.0.4-1.1ubuntu0.2 amd64 [installed,automatic] +libinotifytools0/bionic,now 3.14-2 amd64 [installed,automatic] +libip4tc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libip6tc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libipset3/bionic,now 6.34-1 amd64 [installed,automatic] +libiptc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libirs160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc-export169/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc169/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccc160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccfg160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 
[installed,local] +libisl19/bionic,now 0.19-1 amd64 [installed,automatic] +libisns0/bionic,now 0.97-2build1 amd64 [installed,automatic] +libitm1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libjansson4/bionic,now 2.11-1 amd64 [installed] +libjq1/bionic,now 1.5+dfsg-2 amd64 [installed,automatic] +libjson-c3/bionic-updates,bionic-security,now 0.12.1-1.3ubuntu0.3 amd64 [installed,automatic] +libk5crypto3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkeyutils1/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed,automatic] +libklibc/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +libkmod2/bionic-updates,now 24-1ubuntu3.5 amd64 [installed,automatic] +libkrb5-26-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libkrb5-3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkrb5support0/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libksba8/bionic-updates,bionic-security,now 1.3.5-2ubuntu0.18.04.2 amd64 [installed,automatic] +libldap-2.4-2/now 2.4.45+dfsg-1ubuntu1.11+esm1 amd64 [installed,local] +libldap-common/now 2.4.45+dfsg-1ubuntu1.11+esm1 all [installed,local] +libldb1/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +liblocale-gettext-perl/bionic,now 1.07-3build2 amd64 [installed,automatic] +liblsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +liblvm2app2.2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblvm2cmd2.02/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblwres160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +liblxc-common/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblxc1/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblz4-1/bionic-updates,bionic-security,now 
0.0~r131-2ubuntu3.1 amd64 [installed,automatic] +liblzma5/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed,automatic] +liblzo2-2/bionic,now 2.08-1.2 amd64 [installed,automatic] +libmagic-mgc/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmagic1/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmnl0/bionic,now 1.0.4-2 amd64 [installed,automatic] +libmount1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libmpc3/bionic,now 1.1.0-1 amd64 [installed,automatic] +libmpdec2/bionic,now 2.4.2-1ubuntu1 amd64 [installed,automatic] +libmpfr6/bionic,now 4.0.1-1 amd64 [installed,automatic] +libmpx2/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libncurses5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libncursesw5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libnetfilter-conntrack3/bionic,now 1.0.6-2 amd64 [installed,automatic] +libnetplan0/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +libnettle6/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libnewt0.52/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +libnfnetlink0/bionic,now 1.0.1-3 amd64 [installed,automatic] +libnfsidmap2/bionic,now 0.25-5.1 amd64 [installed,automatic] +libnftnl7/bionic,now 1.0.9-2 amd64 [installed,automatic] +libnghttp2-14/now 1.30.0-1ubuntu1+esm1 amd64 [installed,local] +libnih1/bionic,now 1.0.3-6ubuntu2 amd64 [installed,automatic] +libnl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] +libnl-genl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] +libnl-route-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed,automatic] +libnpth0/bionic,now 1.5-3 amd64 [installed,automatic] +libnspr4/bionic,now 2:4.18-1ubuntu1 amd64 [installed,automatic] +libnss-systemd/bionic-updates,bionic-security,now 
237-3ubuntu10.57 amd64 [installed,automatic] +libnss3/bionic-updates,bionic-security,now 2:3.35-2ubuntu2.16 amd64 [installed,automatic] +libntfs-3g88/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +libnuma1/bionic-updates,now 2.0.11-2.1ubuntu0.1 amd64 [installed,automatic] +libonig4/now 6.7.0-1ubuntu0.1~esm2 amd64 [installed,local] +libp11-kit0/bionic-updates,bionic-security,now 0.23.9-2ubuntu0.1 amd64 [installed,automatic] +libpam-cap/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libpam-modules/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-modules-bin/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-pwquality/bionic,now 1.4.0-2 amd64 [installed] +libpam-runtime/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 all [installed,automatic] +libpam-systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libpam0g/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libparted2/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +libpcap0.8/bionic-updates,now 1.8.1-6ubuntu1.18.04.2 amd64 [installed,automatic] +libpci3/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +libpcre3/bionic-updates,bionic-security,now 2:8.39-9ubuntu0.1 amd64 [installed,automatic] +libperl5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +libpipeline1/bionic,now 1.5.0-1 amd64 [installed,automatic] +libplymouth4/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +libpng16-16/bionic-updates,bionic-security,now 1.6.34-1ubuntu0.18.04.2 amd64 [installed,automatic] +libpolkit-agent-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpolkit-backend-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] 
+libpolkit-gobject-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpopt0/bionic,now 1.16-11 amd64 [installed,automatic] +libprocps6/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +libpsl5/bionic,now 0.19.1-5build1 amd64 [installed,automatic] +libpwquality-common/bionic,now 1.4.0-2 all [installed,automatic] +libpwquality-tools/bionic,now 1.4.0-2 amd64 [installed] +libpwquality1/bionic,now 1.4.0-2 amd64 [installed,automatic] +libpython-stdlib/bionic,now 2.7.15~rc1-1 amd64 [installed] +libpython2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-stdlib/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3-stdlib/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +libpython3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-stdlib/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libquadmath0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +librados2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +libradosstriper1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librbd1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librdmacm1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libreadline5/bionic,now 5.2+dfsg-3build1 amd64 [installed,automatic] +libreadline7/bionic,now 7.0-3 amd64 [installed,automatic] +libroken18-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +librtmp1/bionic,now 2.4+20151223.gitfa8646d.1-1 amd64 [installed,automatic] +libsasl2-2/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] 
+libsasl2-modules/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libsasl2-modules-db/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libseccomp2/bionic-updates,bionic-security,now 2.5.1-1ubuntu1~18.04.2 amd64 [installed,automatic] +libselinux1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsemanage-common/bionic,now 2.7-2build2 all [installed,automatic] +libsemanage1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsensors4/bionic-updates,now 1:3.4.0-4ubuntu0.1 amd64 [installed,automatic] +libsepol1/bionic-updates,bionic-security,now 2.7-1ubuntu0.1 amd64 [installed,automatic] +libsigsegv2/bionic,now 2.12-1 amd64 [installed,automatic] +libslang2/bionic,now 2.3.1a-3ubuntu1 amd64 [installed,automatic] +libsmartcols1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libsnappy1v5/bionic,now 1.1.7-1 amd64 [installed,automatic] +libsqlite3-0/bionic-updates,bionic-security,now 3.22.0-1ubuntu0.7 amd64 [installed,automatic] +libss2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libssl1.0.0/bionic-updates,bionic-security,now 1.0.2n-1ubuntu5.13 amd64 [installed,automatic] +libssl1.1/now 1.1.1-1ubuntu2.1~18.04.23+esm1 amd64 [installed,local] +libstdc++-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libstdc++6/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libsysfs2/bionic,bionic-updates,now 2.1.0+repack-4build1 amd64 [installed,automatic] +libsystemd0/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libtalloc2/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +libtasn1-6/bionic,now 4.13-2 amd64 [installed,automatic] +libtcmalloc-minimal4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libtdb1/bionic,now 1.3.15-2 amd64 [installed] +libtevent0/bionic,now 0.9.34-1 amd64 [installed] 
+libtext-charwidth-perl/bionic,now 0.04-7.1 amd64 [installed,automatic] +libtext-iconv-perl/bionic,now 1.7-5build6 amd64 [installed,automatic] +libtext-wrapi18n-perl/bionic,now 0.06-7.1 all [installed,automatic] +libtinfo5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libtirpc1/bionic-updates,bionic-security,now 0.2.5-1.2ubuntu0.1 amd64 [installed,automatic] +libtsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libubsan0/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libudev1/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libunistring2/bionic-updates,now 0.9.9-0ubuntu2 amd64 [installed,automatic] +libunwind8/bionic-updates,now 1.2.1-8ubuntu0.1 amd64 [installed,automatic] +liburcu6/bionic-updates,now 0.10.1-1ubuntu1 amd64 [installed,automatic] +libusb-1.0-0/bionic,now 2:1.0.21-2 amd64 [installed,automatic] +libutempter0/bionic,now 1.1.6-3 amd64 [installed,automatic] +libuuid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libuv1/bionic,now 1.18.0-3 amd64 [installed,automatic] +libwbclient0/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +libwind0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libwrap0/bionic,now 7.6.q-27 amd64 [installed] +libx11-6/now 2:1.6.4-3ubuntu0.4+esm1 amd64 [installed,local] +libx11-data/now 2:1.6.4-3ubuntu0.4+esm1 all [installed,local] +libxau6/bionic-updates,now 1:1.0.8-1ubuntu1 amd64 [installed,automatic] +libxcb1/bionic-updates,now 1.13-2~ubuntu18.04 amd64 [installed,automatic] +libxdmcp6/bionic,now 1:1.1.2-3 amd64 [installed,automatic] +libxext6/bionic,now 2:1.3.3-1 amd64 [installed,automatic] +libxml2/bionic-updates,bionic-security,now 2.9.4+dfsg1-6.1ubuntu1.9 amd64 [installed,automatic] +libxmuu1/bionic,now 2:1.1.2-2 amd64 [installed,automatic] +libxtables12/bionic-updates,now 
1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libyaml-0-2/bionic,now 0.1.7-2ubuntu3 amd64 [installed,automatic] +libzstd1/bionic-updates,bionic-security,now 1.3.3+dfsg-2ubuntu1.2 amd64 [installed,automatic] +linux-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-azure-5.4-cloud-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-cloud-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-azure-5.4-headers-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 all [installed] +linux-azure-5.4-headers-5.4.0-1112/now 5.4.0-1112.118~18.04.1 all [installed,local] +linux-azure-5.4-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-base/bionic-updates,now 4.5ubuntu1.7 all [installed,automatic] +linux-base-sgx/bionic-updates,now 4.5ubuntu1.7 all [installed] +linux-cloud-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-cloud-tools-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-cloud-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-cloud-tools-common/now 4.15.0-214.225 all [installed,local] +linux-headers-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-headers-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-image-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-image-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-libc-dev/now 4.15.0-214.225 amd64 [installed,local] +linux-modules-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-modules-extra-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-tools-5.4.0-1112-azure/now 
5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-tools-common/now 4.15.0-214.225 all [installed,local] +locales/bionic-updates,now 2.27-3ubuntu1.6 all [installed,automatic] +login/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed] +logrotate/bionic,now 3.11.0-0.1ubuntu1 amd64 [installed,automatic] +lsb-base/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lsb-release/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lshw/bionic-updates,now 02.18-0.1ubuntu6.18.04.2 amd64 [installed,automatic] +lsof/bionic,now 4.89+dfsg-0.1 amd64 [installed,automatic] +lsscsi/bionic,now 0.28-0.1 amd64 [installed] +ltrace/bionic,now 0.7.3-6ubuntu1 amd64 [installed,automatic] +lvm2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed] +lxcfs/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +lxd/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed] +lxd-client/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed,automatic] +make/bionic,now 4.1-9.1ubuntu1 amd64 [installed] +man-db/bionic-updates,now 2.8.3-2ubuntu0.1 amd64 [installed,automatic] +manpages/bionic,now 4.15-1 all [installed,automatic] +mawk/bionic,now 1.3.3-17ubuntu3 amd64 [installed,automatic] +mdadm/bionic-updates,now 4.1~rc1-3~ubuntu18.04.4 amd64 [installed] +mime-support/bionic,now 3.60ubuntu1 all [installed,automatic] +mlocate/bionic,now 0.26-2ubuntu3.1 amd64 [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu18.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu18.04u1] +moby-runc/testing,bionic,now 1.1.7+azure-ubuntu18.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu18.04u1] +mokutil/bionic-updates,now 0.6.0-2~18.04.1 amd64 [installed] +motd-news-config/bionic-updates,now 10.1ubuntu2.11 all [installed] +mount/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] +mtr-tiny/bionic,now 0.92-1 amd64 [installed,automatic] 
+multiarch-support/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +nano/bionic,now 2.9.3-2 amd64 [installed,automatic] +ncurses-base/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +ncurses-bin/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed] +ncurses-term/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +net-tools/bionic,now 1.60+git20161116.90da8a0-1ubuntu1 amd64 [installed] +netbase/bionic,now 5.4 all [installed,automatic] +netcat/bionic,now 1.10-41.1 all [installed] +netcat-openbsd/bionic-updates,now 1.187-1ubuntu0.1 amd64 [installed,automatic] +netcat-traditional/bionic,now 1.10-41.1 amd64 [installed,automatic] +netplan.io/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +networkd-dispatcher/bionic-updates,bionic-security,now 1.7-0ubuntu3.5 all [installed,automatic] +nfs-common/bionic-updates,now 1:1.3.4-2.1ubuntu5.5 amd64 [installed] +nftables/bionic,now 0.8.2-1 amd64 [installed] +nplan/bionic-updates,now 0.99-0ubuntu3~18.04.5 all [installed,automatic] +ntfs-3g/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +open-iscsi/now 2.0.874-5ubuntu2.11+esm1 amd64 [installed,local] +openssh-client/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssh-server/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssh-sftp-server/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssl/now 1.1.1-1ubuntu2.1~18.04.23+esm1 amd64 [installed,local] +os-prober/bionic,now 1.74ubuntu1 amd64 [installed,automatic] +overlayroot/bionic-updates,now 0.40ubuntu1.1 all [installed] +packages-microsoft-prod/bionic,now 1.0-ubuntu18.04.2 all [installed] +parted/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +passwd/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +pastebinit/bionic,now 1.5-2 all [installed,automatic] +patch/bionic-updates,bionic-security,now 2.7.6-2ubuntu1.1 amd64 
[installed] +pciutils/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +perl/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-base/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-modules-5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 all [installed,automatic] +pigz/bionic,now 2.4-1 amd64 [installed] +pinentry-curses/bionic,now 1.1.0-1 amd64 [installed,automatic] +plymouth/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +policykit-1/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +pollinate/bionic-updates,now 4.33-0ubuntu1~18.04.2 all [installed] +popularity-contest/bionic,now 1.66ubuntu1 all [installed,automatic] +powermgmt-base/bionic,now 1.33 all [installed,automatic] +procps/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +psmisc/bionic-updates,now 23.1-1ubuntu0.1 amd64 [installed,automatic] +publicsuffix/bionic,now 20180223.1310-1 all [installed,automatic] +python/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-apt-common/bionic-updates,now 1.6.6 all [installed,automatic] +python-cephfs/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python-crypto/bionic,now 2.6.1-8ubuntu2 amd64 [installed] +python-idna/bionic,now 2.6-1 all [installed,automatic] +python-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed,automatic] +python-ldb/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +python-minimal/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all 
[installed,automatic] +python-prettytable/bionic,now 0.7.2-3 all [installed,automatic] +python-rados/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-rbd/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python-samba/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +python-six/bionic,now 1.11.0-2 all [installed] +python-talloc/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +python-tdb/bionic,now 1.3.15-2 amd64 [installed] +python-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] +python2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python3/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-apport/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-apt/bionic-updates,now 1.6.6 amd64 [installed,automatic] +python3-asn1crypto/bionic,now 0.24.0-1 all [installed,automatic] +python3-attr/bionic,now 17.4.0-2 all [installed,automatic] +python3-automat/bionic,now 0.6.0-1 all [installed,automatic] +python3-blinker/bionic,now 1.4+dfsg1-0.1 all [installed] +python3-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python3-cffi-backend/bionic,now 1.11.5-1 amd64 [installed,automatic] +python3-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python3-click/bionic,now 6.7-3 all [installed,automatic] +python3-colorama/bionic,now 0.3.7-1 all [installed,automatic] +python3-commandnotfound/bionic-updates,now 18.04.6 all [installed,automatic] +python3-configobj/bionic,now 5.0.6-2 all [installed,automatic] +python3-constantly/bionic,now 15.1.0-1 all [installed,automatic] +python3-cryptography/bionic-updates,bionic-security,now 2.1.4-1ubuntu1.4 amd64 [installed,automatic] +python3-dbus/bionic,now 1.2.6-1 amd64 
[installed,automatic] +python3-debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +python3-debian/bionic,now 0.1.32 all [installed,automatic] +python3-distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 all [installed,automatic] +python3-distupgrade/bionic-updates,now 1:18.04.45 all [installed,automatic] +python3-distutils/bionic-updates,now 3.6.9-1~18.04 all [installed] +python3-gdbm/bionic-updates,now 3.6.9-1~18.04 amd64 [installed,automatic] +python3-gi/bionic-updates,now 3.26.1-2ubuntu1 amd64 [installed,automatic] +python3-httplib2/bionic-updates,now 0.9.2+dfsg-1ubuntu0.3 all [installed,automatic] +python3-hyperlink/bionic,now 17.3.1-2 all [installed,automatic] +python3-idna/bionic,now 2.6-1 all [installed,automatic] +python3-incremental/bionic,now 16.10.1-3 all [installed,automatic] +python3-jinja2/bionic-updates,bionic-security,now 2.10-1ubuntu0.18.04.1 all [installed] +python3-json-pointer/bionic,now 1.10-1 all [installed] +python3-jsonpatch/bionic,now 1.19+really1.16-1fakesync1 all [installed] +python3-jsonschema/bionic,now 2.6.0-2 all [installed] +python3-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed] +python3-lib2to3/bionic-updates,now 3.6.9-1~18.04 all [installed,automatic] +python3-markupsafe/bionic,now 1.0-1build1 amd64 [installed] +python3-minimal/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-netifaces/bionic,now 0.10.4-0.1build4 amd64 [installed,automatic] +python3-newt/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +python3-oauthlib/bionic,now 2.0.6-1 all [installed] +python3-openssl/bionic,now 17.5.0-1ubuntu1 all [installed,automatic] +python3-pam/bionic,now 0.4.2-13.2ubuntu4 amd64 [installed,automatic] +python3-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python3-pexpect/bionic,now 4.2.1-1 all [installed,automatic] +python3-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all [installed,automatic] 
+python3-problem-report/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-ptyprocess/bionic,now 0.5.2-1 all [installed,automatic] +python3-pyasn1/bionic,now 0.4.2-3 all [installed,automatic] +python3-pyasn1-modules/bionic,now 0.2.1-0.2 all [installed,automatic] +python3-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python3-requests-unixsocket/bionic,now 0.1.5-3 all [installed,automatic] +python3-serial/bionic,now 3.4-2 all [installed,automatic] +python3-service-identity/bionic,now 16.0.0-2 all [installed,automatic] +python3-six/bionic,now 1.11.0-2 all [installed,automatic] +python3-software-properties/bionic-updates,now 0.96.24.32.22 all [installed,automatic] +python3-twisted/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 all [installed,automatic] +python3-twisted-bin/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 amd64 [installed,automatic] +python3-update-manager/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +python3-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] +python3-yaml/bionic,now 3.12-1build2 amd64 [installed,automatic] +python3-zope.interface/bionic,now 4.3.2-1build2 amd64 [installed,automatic] +python3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +python3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +readline-common/bionic,now 7.0-3 all [installed,automatic] +rng-tools/bionic,now 5-0ubuntu4 amd64 [installed] +rpcbind/bionic-updates,bionic-security,now 0.2.3-0.6ubuntu0.18.04.4 amd64 [installed,automatic] +rsync/bionic-updates,bionic-security,now 3.1.2-2.1ubuntu1.6 amd64 [installed,automatic] +rsyslog/bionic-updates,bionic-security,now 8.32.0-1ubuntu4.2 amd64 [installed,automatic] +run-one/bionic,now 1.17-0ubuntu1 all [installed,automatic] +samba-common/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 all [installed] +samba-common-bin/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] 
+samba-libs/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +sbsigntool/bionic-updates,now 0.9.2-2ubuntu1~18.04.2 amd64 [installed] +screen/now 4.6.2-1ubuntu1.1+esm1 amd64 [installed,local] +secureboot-db/bionic-updates,now 1.4~ubuntu0.18.04.1 amd64 [installed] +sed/bionic,now 4.4-2 amd64 [installed,automatic] +sensible-utils/bionic,now 0.0.12 all [installed,automatic] +shared-mime-info/bionic,now 1.9-2 amd64 [installed,automatic] +shim-signed/bionic-updates,now 1.37~18.04.13+15.7-0ubuntu1 amd64 [installed] +socat/bionic,now 1.7.3.2-2ubuntu2 amd64 [installed] +software-properties-common/bionic-updates,now 0.96.24.32.22 all [installed] +sosreport/bionic-updates,now 4.4-1ubuntu0.18.04.1 amd64 [installed] +squashfs-tools/bionic-updates,bionic-security,now 1:4.3-6ubuntu0.18.04.4 amd64 [installed,automatic] +ssh-import-id/bionic-updates,now 5.7-0ubuntu1.1 all [installed] +strace/bionic,now 4.21-1ubuntu1 amd64 [installed,automatic] +sudo/bionic-updates,bionic-security,now 1.8.21p2-3ubuntu1.6 amd64 [installed,automatic] +sysfsutils/bionic,bionic-updates,now 2.1.0+repack-4build1 amd64 [installed] +sysstat/now 11.6.1-1ubuntu0.2+esm1 amd64 [installed,local] +systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +systemd-sysv/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +sysvinit-utils/bionic,now 2.88dsf-59.10ubuntu1 amd64 [installed] +tar/bionic-updates,bionic-security,now 1.29b-2ubuntu0.4 amd64 [installed,automatic] +tcpdump/bionic-updates,now 4.9.3-0ubuntu0.18.04.3 amd64 [installed,automatic] +telnet/bionic,now 0.17-41 amd64 [installed,automatic] +time/bionic,now 1.7-25.1build1 amd64 [installed,automatic] +tmux/bionic-updates,bionic-security,now 2.6-3ubuntu0.3 amd64 [installed] +traceroute/bionic,now 1:2.1.0-2 amd64 [installed] +tzdata/bionic-updates,bionic-security,now 2023c-0ubuntu0.18.04 all [installed,automatic] +ubuntu-advantage-tools/bionic-updates,now 28.1~18.04 amd64 
[installed,automatic] +ubuntu-keyring/bionic-updates,now 2018.09.18.1~18.04.2 all [installed,automatic] +ubuntu-minimal/bionic-updates,now 1.417.5 amd64 [installed] +ubuntu-release-upgrader-core/bionic-updates,now 1:18.04.45 all [installed,automatic] +ubuntu-standard/bionic-updates,now 1.417.5 amd64 [installed] +ucf/bionic,now 3.0038 all [installed,automatic] +udev/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +ufw/bionic-updates,now 0.36-0ubuntu0.18.04.2 all [installed,automatic] +uidmap/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +unattended-upgrades/bionic-updates,now 1.1ubuntu1.18.04.14 all [installed,automatic] +update-manager-core/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +update-notifier-common/bionic-updates,now 3.192.1.19 all [installed] +ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] +usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] +util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] +uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] +wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] +whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +wireless-regdb/bionic-updates,bionic-security,now 2022.06.06-0ubuntu1~18.04.1 all [installed] +xauth/bionic,now 1:1.0.10-1 amd64 [installed,automatic] +xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] +xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] +xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] 
+xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] +zip/bionic,now 3.0-11build1 amd64 [installed] +zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +udev 3.4G 0 3.4G 0% /dev +tmpfs 694M 728K 694M 1% /run +/dev/sdb1 29G 22G 7.2G 76% / +tmpfs 3.4G 0 3.4G 0% /dev/shm +tmpfs 5.0M 0 5.0M 0% /run/lock +tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup +/dev/sdb15 105M 5.3M 100M 5% /boot/efi +/dev/sda1 14G 28K 13G 1% /mnt +tmpfs 694M 0 694M 0% /run/user/1000 +Using kernel: +Linux version 5.4.0-1112-azure (buildd@bos03-amd64-017) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #118~18.04.1-Ubuntu SMP Wed Jul 12 15:44:44 UTC 2023 +Install completed successfully on Tue Aug 22 17:05:17 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 18.04 +Hyperv generation: V1 +Feature flags: None +Container runtime: containerd +FIPS enabled: +=== os-release Begin +NAME="Ubuntu" +VERSION="18.04.6 LTS (Bionic Beaver)" +ID=ubuntu +ID_LIKE=debian +PRETTY_NAME="Ubuntu 18.04.6 LTS" +VERSION_ID="18.04" +HOME_URL="https://www.ubuntu.com/" +SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +VERSION_CODENAME=bionic +UBUNTU_CODENAME=bionic +=== os-release End diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-image-list.json index 1c91cbdec8d..2466e7a113e 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-image-list.json 
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "1804containerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ 
@@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-trivy-images-table.txt
index 46520a27395..4cc91fdb5fb 100644
--- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-trivy-images-table.txt
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-trivy-images-table.txt
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-trivy-report.json index 6555570a735..89fa843568d 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmhwa5cpixrm", + "ArtifactName": "pkrvmn2k1hzafu3", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmhwa5cpixrm (ubuntu 18.04)", + "Target": "pkrvmn2k1hzafu3 (ubuntu 18.04)", "Class": "os-pkgs", "Type": "ubuntu" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest.txt index 7a83f0d2081..ea48925aa1f 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804containerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:07:35 UTC 2023 +Starting build on Tue Aug 22 16:25:24 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled:
 - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110
 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4
 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1
- - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11
+ - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12
 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2
 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896
 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e
@@ -65,11 +65,12 @@ containerd images pre-pulled:
 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6
 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1
 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2
- - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4
 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5
- - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2
+ - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6
 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4
+ - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5
 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1
+ - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2
 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5
 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3
 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4
@@ -130,17 +131,17 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 593 Aug 16 17:07 /usr/local/bin/logrotate.sh --r-xr--r-- 1 root root 2462 Aug 16 17:07 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:07 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:18 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:18 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:20 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:20 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:23 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:23 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:23 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:24 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 593 Aug 22 16:25 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:37 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:37 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:39 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:39 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 
+-rwxr-xr-x 1 root root 39369104 Aug 22 16:39 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:41 /usr/local/bin/bpftrace === Installed Packages Begin Listing... accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] @@ -789,10 +790,10 @@ ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] -vim/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] -vim-common/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] 
@@ -802,7 +803,7 @@ xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] -xxd/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] zip/bionic,now 3.0-11build1 amd64 [installed] zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] @@ -811,19 +812,19 @@ Disk usage: Filesystem Size Used Avail Use% Mounted on udev 3.4G 0 3.4G 0% /dev tmpfs 694M 728K 694M 1% /run -/dev/sda1 29G 22G 7.4G 75% / +/dev/sdb1 29G 22G 7.2G 76% / tmpfs 3.4G 0 3.4G 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup -/dev/sda15 105M 5.3M 100M 5% /boot/efi -/dev/sdb1 14G 28K 13G 1% /mnt +/dev/sdb15 105M 5.3M 100M 5% /boot/efi +/dev/sda1 14G 28K 13G 1% /mnt tmpfs 694M 0 694M 0% /run/user/1000 Using kernel: Linux version 5.4.0-1112-azure (buildd@bos03-amd64-017) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #118~18.04.1-Ubuntu SMP Wed Jul 12 15:44:44 UTC 2023 -Install completed successfully on Wed Aug 16 17:49:27 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:05:17 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 18.04 Hyperv generation: V1 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..5fbbd5d742b --- /dev/null 
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "1804fipscontainerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..5012060f4d8
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0-trivy-report.json
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvm5n7o7kxtpc", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "18.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvm5n7o7kxtpc (ubuntu 18.04)", + "Class": "os-pkgs", + "Type": "ubuntu" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0.txt new file mode 100644 index 00000000000..af7b210470a --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/202308.22.0.txt 
@@ -0,0 +1,860 @@ +Starting build on Tue Aug 22 16:26:29 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 
19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 593 Aug 22 16:26 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:39 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:39 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:41 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:41 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:44 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:44 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:44 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:46 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... 
+accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +acl/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +acpid/bionic,now 1:2.0.28-1ubuntu1 amd64 [installed] +adduser/bionic,now 3.116ubuntu1 all [installed,automatic] +apparmor/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +apt/bionic-updates,now 1.6.17 amd64 [installed,automatic] +apt-transport-https/bionic-updates,now 1.6.17 all [installed] +apt-utils/bionic-updates,now 1.6.17 amd64 [installed,automatic] +at/bionic,now 3.1.20-3.1ubuntu2 amd64 [installed] +attr/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +base-files/bionic-updates,now 10.1ubuntu2.11 amd64 [installed,automatic] +base-passwd/bionic,now 3.5.44 amd64 [installed,automatic] +bash/bionic-updates,bionic-security,now 4.4.18-2ubuntu1.3 amd64 [installed] +bash-completion/bionic,now 1:2.8-1ubuntu1 all [installed,automatic] +bc/bionic,now 1.07.1-2 amd64 [installed,automatic] +bcache-tools/bionic-updates,now 1.0.8-2ubuntu0.18.04.1 amd64 [installed] +bind9-host/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +binfmt-support/bionic,now 2.1.8-2 amd64 [installed,automatic] +binutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +binutils-common/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +binutils-x86-64-linux-gnu/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +blobfuse/bionic,now 1.4.5 amd64 [installed] +blobfuse2/bionic,now 2.0.5 amd64 [installed] +bsdmainutils/bionic,now 11.1.2ubuntu1 amd64 [installed,automatic] +bsdutils/bionic-updates,bionic-security,now 1:2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +btrfs-progs/bionic,now 4.15.1-1build1 amd64 [installed,automatic] +btrfs-tools/bionic,now 4.15.1-1build1 amd64 [installed] +build-essential/bionic,now 12.4ubuntu1 amd64 [installed] +busybox-initramfs/bionic-updates,bionic-security,now 
1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +busybox-static/bionic-updates,bionic-security,now 1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +byobu/bionic,now 5.125-0ubuntu1 all [installed] +bzip2/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +ca-certificates/bionic-updates,bionic-security,now 20230311ubuntu0.18.04.1 all [installed] +ceph-common/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed] +cgroup-lite/bionic,now 1.15 all [installed] +chrony/bionic-updates,bionic-security,now 3.2-4ubuntu4.5 amd64 [installed] +cifs-utils/bionic-updates,bionic-security,now 2:6.8-1ubuntu1.2 amd64 [installed] +cloud-guest-utils/bionic,now 0.30-0ubuntu5 all [installed] +cloud-init/bionic-updates,bionic-security,now 23.1.2-0ubuntu0~18.04.1 all [installed] +cloud-initramfs-copymods/bionic-updates,now 0.40ubuntu1.1 all [installed] +cloud-initramfs-dyn-netconf/bionic-updates,now 0.40ubuntu1.1 all [installed] +command-not-found/bionic-updates,now 18.04.6 all [installed,automatic] +command-not-found-data/bionic-updates,now 18.04.6 amd64 [installed,automatic] +conntrack/bionic,now 1:1.4.4+snapshot20161117-6ubuntu2 amd64 [installed] +console-setup/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +console-setup-linux/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +coreutils/bionic,now 8.28-1ubuntu1 amd64 [installed,automatic] +cpio/bionic-updates,bionic-security,now 2.12+dfsg-6ubuntu0.18.04.4 amd64 [installed,automatic] +cpp/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +cpp-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +cracklib-runtime/bionic,now 2.9.2-5build1 amd64 [installed] +crda/bionic,now 3.18-1build1 amd64 [installed] +cron/bionic-updates,bionic-security,now 3.0pl1-128.1ubuntu1.2 amd64 [installed,automatic] +cryptsetup/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] 
+cryptsetup-bin/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +curl/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed] +dash/bionic,now 0.5.8-2.10 amd64 [installed] +dbus/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +dbus-user-session/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debconf-i18n/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debianutils/bionic,now 4.8.4 amd64 [installed,automatic] +diffutils/bionic,now 1:3.6-1 amd64 [installed] +dirmngr/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 amd64 [installed,automatic] +distro-info-data/bionic-updates,now 0.37ubuntu0.17 all [installed,automatic] +dkms/bionic-updates,now 2.3-3ubuntu9.7 all [installed] +dmeventd/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dmidecode/bionic-updates,now 3.1-1ubuntu0.1 amd64 [installed,automatic] +dmsetup/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dns-root-data/bionic,now 2018013001 all [installed,automatic] +dnsmasq-base/bionic-updates,bionic-security,now 2.79-1ubuntu0.7 amd64 [installed,automatic] +dnsutils/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +dosfstools/bionic,now 4.1-1 amd64 [installed,automatic] +dpkg/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 amd64 [installed,automatic] +dpkg-dev/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +e2fsprogs/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +eatmydata/bionic,now 105-6 all [installed] +ebtables/bionic-updates,now 2.0.10.4-3.5ubuntu2.18.04.3 amd64 [installed] +ed/bionic,now 1.10-2.1 amd64 [installed,automatic] +efibootmgr/bionic,now 15-1 amd64 [installed,automatic] +eject/bionic,now 
2.1.5+deb1+cvs20081104-13.2 amd64 [installed,automatic] +ethtool/bionic,now 1:4.15-0ubuntu1 amd64 [installed] +fdisk/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +file/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +findutils/bionic,now 4.6.0+git+20170828-2 amd64 [installed] +fips-initramfs/now 0.0.10 amd64 [installed,local] +fonts-ubuntu-console/bionic,now 0.83-2 all [installed] +friendly-recovery/bionic-updates,now 0.2.38ubuntu1.2 all [installed,automatic] +ftp/bionic,now 0.17-34 amd64 [installed,automatic] +fuse/bionic,now 2.9.7-1ubuntu1 amd64 [installed] +g++/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +g++-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gawk/bionic,now 1:4.1.4+dfsg-1build1 amd64 [installed,automatic] +gcc/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed] +gcc-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-7-base/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-8-base/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +gdisk/bionic,now 1.0.3-1 amd64 [installed,automatic] +geoip-database/bionic,now 20180315-1 all [installed,automatic] +gettext-base/bionic-updates,bionic-security,now 0.19.8.1-6ubuntu0.3 amd64 [installed,automatic] +gir1.2-glib-2.0/bionic,now 1.56.1-1 amd64 [installed,automatic] +git/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 amd64 [installed] +git-man/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 all [installed,automatic] +glusterfs-client/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +glusterfs-common/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +gnupg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +gnupg-l10n/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 all [installed,automatic] 
+gnupg-utils/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-agent/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-client/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-server/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgconf/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgsm/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgv/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +grep/bionic-updates,now 3.1-2build1 amd64 [installed] +groff-base/bionic,now 1.22.3-10 amd64 [installed,automatic] +grub-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-efi-amd64-bin/bionic-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/bionic-updates,now 1.187.3~18.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/bionic,now 0.7 amd64 [installed,automatic] +grub-pc/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-pc-bin/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub2-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +gzip/bionic-updates,bionic-security,now 1.6-5ubuntu1.2 amd64 [installed] +hdparm/bionic,now 9.54+ds-1 amd64 [installed,automatic] +hostname/bionic,now 3.20 amd64 [installed] +htop/bionic,now 2.1.0-3 amd64 [installed] +iftop/bionic,now 1.0~pre4-4 amd64 [installed] +info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +init/bionic,now 1.51 amd64 [installed] +init-system-helpers/bionic,now 1.51 all [installed] +initramfs-tools/bionic-updates,now 0.130ubuntu3.13 all [installed] +initramfs-tools-bin/bionic-updates,now 0.130ubuntu3.13 amd64 [installed,automatic] +initramfs-tools-core/bionic-updates,now 
0.130ubuntu3.13 all [installed,automatic] +inotify-tools/bionic,now 3.14-2 amd64 [installed] +install-info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +iotop/bionic,now 0.6-2 amd64 [installed] +iproute2/bionic-updates,now 4.15.0-2ubuntu1.3 amd64 [installed] +ipset/bionic,now 6.34-1 amd64 [installed] +iptables/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed] +iputils-ping/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +iputils-tracepath/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +irqbalance/bionic-updates,now 1.3.0-0.1ubuntu0.18.04.1 amd64 [installed,automatic] +isc-dhcp-client/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +isc-dhcp-common/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +iso-codes/bionic,now 3.79-1 all [installed,automatic] +iw/bionic,now 4.14-0.1 amd64 [installed] +jq/bionic,now 1.5+dfsg-2 amd64 [installed] +kbd/bionic,now 2.0.4-2ubuntu1 amd64 [installed,automatic] +kcapi-tools/now 1.0.3-2fips3 amd64 [installed,local] +keyboard-configuration/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +keyutils/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed] +klibc-utils/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +kmod/bionic-updates,now 24-1ubuntu3.5 amd64 [installed] +krb5-locales/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 all [installed,automatic] +landscape-common/bionic-updates,now 18.01-0ubuntu3.6 amd64 [installed] +language-selector-common/bionic-updates,now 0.188.3 all [installed,automatic] +less/bionic,now 487-0.1 amd64 [installed,automatic] +libaccountsservice0/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +libacl1/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libacl1-dev/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libaio1/bionic-updates,now 0.3.110-5ubuntu0.1 amd64 [installed,automatic] 
+libapparmor1/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +libapt-inst2.0/bionic-updates,now 1.6.17 amd64 [installed,automatic] +libapt-pkg5.0/bionic-updates,now 1.6.17 amd64 [installed,automatic] +libargon2-0/bionic,now 0~20161029-1.1 amd64 [installed,automatic] +libasan4/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libasn1-8-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libassuan0/bionic,now 2.5.1-2 amd64 [installed,automatic] +libatm1/bionic,now 1:2.5.1-2build1 amd64 [installed,automatic] +libatomic1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libattr1/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libattr1-dev/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libaudit-common/bionic-updates,now 1:2.8.2-1ubuntu1.1 all [installed,automatic] +libaudit1/bionic-updates,now 1:2.8.2-1ubuntu1.1 amd64 [installed,automatic] +libavahi-client3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common-data/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libbabeltrace1/bionic,now 1.5.5-1 amd64 [installed,automatic] +libbind9-160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libbinutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +libblkid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libbsd0/bionic-updates,bionic-security,now 0.8.7-1ubuntu0.1 amd64 [installed,automatic] +libbz2-1.0/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +libc-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc-dev-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6-dev/bionic-updates,now 2.27-3ubuntu1.6 
amd64 [installed,automatic] +libcap-ng0/bionic,now 0.7.7-3.1 amd64 [installed,automatic] +libcap2/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libcap2-bin/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libcc1-0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libcephfs2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +libcilkrts5/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libcom-err2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libcrack2/bionic,now 2.9.2-5build1 amd64 [installed,automatic] +libcryptsetup12/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +libcups2/now 2.2.7-1ubuntu2.10+esm1 amd64 [installed,local] +libcurl3-gnutls/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libcurl4/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libdb5.3/bionic-updates,bionic-security,now 5.3.28-13.1ubuntu1.1 amd64 [installed,automatic] +libdbus-1-3/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +libdebconfclient0/bionic,now 0.213ubuntu1 amd64 [installed,automatic] +libdevmapper-event1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdevmapper1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdns-export1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libdns1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libdpkg-perl/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +libdrm-common/bionic-updates,now 2.4.101-2~18.04.1 all [installed,automatic] +libdrm2/bionic-updates,now 2.4.101-2~18.04.1 amd64 [installed,automatic] +libdumbnet1/bionic,now 1.12-7build1 amd64 [installed] +libdw1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed] 
+libeatmydata1/bionic,now 105-6 amd64 [installed] +libedit2/bionic,now 3.1-20170329-1 amd64 [installed,automatic] +libefiboot1/bionic,now 34-1 amd64 [installed,automatic] +libefivar1/bionic,now 34-1 amd64 [installed,automatic] +libelf1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed,automatic] +liberror-perl/bionic,now 0.17025-1 all [installed,automatic] +libestr0/bionic,now 0.1.10-2.1 amd64 [installed,automatic] +libevent-2.1-6/bionic,now 2.1.8-stable-4build1 amd64 [installed,automatic] +libexpat1/bionic-updates,bionic-security,now 2.2.5-3ubuntu0.9 amd64 [installed,automatic] +libext2fs2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libfastjson4/bionic,now 0.99.8-2 amd64 [installed,automatic] +libfdisk1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libffi6/bionic,now 3.2.1-8 amd64 [installed,automatic] +libfreetype6/bionic-updates,bionic-security,now 2.8.1-2ubuntu2.2 amd64 [installed,automatic] +libfribidi0/bionic-updates,bionic-security,now 0.19.7-2ubuntu0.1 amd64 [installed,automatic] +libfuse2/bionic,now 2.9.7-1ubuntu1 amd64 [installed,automatic] +libgcc-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libgcc1/bionic-updates,bionic-security,now 1:8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgcrypt20/now 1.8.1-4ubuntu1.fips.3 amd64 [installed,local] +libgcrypt20-hmac/now 1.8.1-4ubuntu1.fips.3 amd64 [installed,local] +libgdbm-compat4/bionic,now 1.14.1-6 amd64 [installed,automatic] +libgdbm5/bionic,now 1.14.1-6 amd64 [installed,automatic] +libgeoip1/bionic,now 1.6.12-1 amd64 [installed,automatic] +libgirepository-1.0-1/bionic,now 1.56.1-1 amd64 [installed,automatic] +libglib2.0-0/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 amd64 [installed,automatic] +libglib2.0-data/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 all [installed,automatic] +libgmp10/bionic-updates,bionic-security,now 
2:6.1.2+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libgnutls30/bionic-updates,bionic-security,now 3.5.18-1ubuntu1.6 amd64 [installed,automatic] +libgomp1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgoogle-perftools4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libgpg-error0/bionic,now 1.27-6 amd64 [installed,automatic] +libgpm2/bionic,now 1.20.7-5 amd64 [installed,automatic] +libgssapi-krb5-2/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libgssapi3-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhcrypto4-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimbase1-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimntlm0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhogweed4/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libhx509-5-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libibverbs1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libicu60/bionic-updates,bionic-security,now 60.2-3ubuntu3.2 amd64 [installed,automatic] +libidn11/bionic-updates,now 1.33-2.1ubuntu1.2 amd64 [installed,automatic] +libidn2-0/bionic-updates,bionic-security,now 2.0.4-1.1ubuntu0.2 amd64 [installed,automatic] +libinotifytools0/bionic,now 3.14-2 amd64 [installed,automatic] +libip4tc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libip6tc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libipset3/bionic,now 6.34-1 amd64 [installed,automatic] +libiptc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libirs160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc-export169/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc169/now 
1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccc160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccfg160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisl19/bionic,now 0.19-1 amd64 [installed,automatic] +libisns0/bionic,now 0.97-2build1 amd64 [installed,automatic] +libitm1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libjansson4/bionic,now 2.11-1 amd64 [installed] +libjq1/bionic,now 1.5+dfsg-2 amd64 [installed,automatic] +libjson-c3/bionic-updates,bionic-security,now 0.12.1-1.3ubuntu0.3 amd64 [installed,automatic] +libk5crypto3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkcapi1/now 1.0.3-2fips3 amd64 [installed,local] +libkeyutils1/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed,automatic] +libklibc/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +libkmod2/bionic-updates,now 24-1ubuntu3.5 amd64 [installed,automatic] +libkrb5-26-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libkrb5-3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkrb5support0/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libksba8/bionic-updates,bionic-security,now 1.3.5-2ubuntu0.18.04.2 amd64 [installed,automatic] +libldap-2.4-2/now 2.4.45+dfsg-1ubuntu1.11+esm1 amd64 [installed,local] +libldap-common/now 2.4.45+dfsg-1ubuntu1.11+esm1 all [installed,local] +libldb1/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +liblocale-gettext-perl/bionic,now 1.07-3build2 amd64 [installed,automatic] +liblsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +liblvm2app2.2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblvm2cmd2.02/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblwres160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 
[installed,local] +liblxc-common/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblxc1/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblz4-1/bionic-updates,bionic-security,now 0.0~r131-2ubuntu3.1 amd64 [installed,automatic] +liblzma5/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed,automatic] +liblzo2-2/bionic,now 2.08-1.2 amd64 [installed,automatic] +libmagic-mgc/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmagic1/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmnl0/bionic,now 1.0.4-2 amd64 [installed,automatic] +libmount1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libmpc3/bionic,now 1.1.0-1 amd64 [installed,automatic] +libmpdec2/bionic,now 2.4.2-1ubuntu1 amd64 [installed,automatic] +libmpfr6/bionic,now 4.0.1-1 amd64 [installed,automatic] +libmpx2/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libncurses5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libncursesw5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libnetfilter-conntrack3/bionic,now 1.0.6-2 amd64 [installed,automatic] +libnetplan0/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +libnettle6/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libnewt0.52/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +libnfnetlink0/bionic,now 1.0.1-3 amd64 [installed,automatic] +libnfsidmap2/bionic,now 0.25-5.1 amd64 [installed,automatic] +libnftnl7/bionic,now 1.0.9-2 amd64 [installed,automatic] +libnghttp2-14/now 1.30.0-1ubuntu1+esm1 amd64 [installed,local] +libnih1/bionic,now 1.0.3-6ubuntu2 amd64 [installed,automatic] +libnl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] +libnl-genl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] 
+libnl-route-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed,automatic] +libnpth0/bionic,now 1.5-3 amd64 [installed,automatic] +libnspr4/bionic,now 2:4.18-1ubuntu1 amd64 [installed,automatic] +libnss-systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libnss3/bionic-updates,bionic-security,now 2:3.35-2ubuntu2.16 amd64 [installed,automatic] +libntfs-3g88/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +libnuma1/bionic-updates,now 2.0.11-2.1ubuntu0.1 amd64 [installed,automatic] +libonig4/now 6.7.0-1ubuntu0.1~esm2 amd64 [installed,local] +libp11-kit0/bionic-updates,bionic-security,now 0.23.9-2ubuntu0.1 amd64 [installed,automatic] +libpam-cap/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libpam-modules/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-modules-bin/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-pwquality/bionic,now 1.4.0-2 amd64 [installed] +libpam-runtime/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 all [installed,automatic] +libpam-systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libpam0g/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libparted2/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +libpcap0.8/bionic-updates,now 1.8.1-6ubuntu1.18.04.2 amd64 [installed,automatic] +libpci3/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +libpcre3/bionic-updates,bionic-security,now 2:8.39-9ubuntu0.1 amd64 [installed,automatic] +libperl5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +libpipeline1/bionic,now 1.5.0-1 amd64 [installed,automatic] +libplymouth4/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +libpng16-16/bionic-updates,bionic-security,now 1.6.34-1ubuntu0.18.04.2 amd64 
[installed,automatic] +libpolkit-agent-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpolkit-backend-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpolkit-gobject-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpopt0/bionic,now 1.16-11 amd64 [installed,automatic] +libprocps6/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +libpsl5/bionic,now 0.19.1-5build1 amd64 [installed,automatic] +libpwquality-common/bionic,now 1.4.0-2 all [installed,automatic] +libpwquality-tools/bionic,now 1.4.0-2 amd64 [installed] +libpwquality1/bionic,now 1.4.0-2 amd64 [installed,automatic] +libpython-stdlib/bionic,now 2.7.15~rc1-1 amd64 [installed] +libpython2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-stdlib/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3-stdlib/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +libpython3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-stdlib/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libquadmath0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +librados2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +libradosstriper1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librbd1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librdmacm1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libreadline5/bionic,now 5.2+dfsg-3build1 amd64 [installed,automatic] +libreadline7/bionic,now 7.0-3 amd64 [installed,automatic] +libroken18-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 
[installed,automatic] +librtmp1/bionic,now 2.4+20151223.gitfa8646d.1-1 amd64 [installed,automatic] +libsasl2-2/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libsasl2-modules/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libsasl2-modules-db/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libseccomp2/bionic-updates,bionic-security,now 2.5.1-1ubuntu1~18.04.2 amd64 [installed,automatic] +libselinux1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsemanage-common/bionic,now 2.7-2build2 all [installed,automatic] +libsemanage1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsensors4/bionic-updates,now 1:3.4.0-4ubuntu0.1 amd64 [installed,automatic] +libsepol1/bionic-updates,bionic-security,now 2.7-1ubuntu0.1 amd64 [installed,automatic] +libsigsegv2/bionic,now 2.12-1 amd64 [installed,automatic] +libslang2/bionic,now 2.3.1a-3ubuntu1 amd64 [installed,automatic] +libsmartcols1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libsnappy1v5/bionic,now 1.1.7-1 amd64 [installed,automatic] +libsqlite3-0/bionic-updates,bionic-security,now 3.22.0-1ubuntu0.7 amd64 [installed,automatic] +libss2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libssl1.1/now 1.1.1-1ubuntu2.fips.2.1~18.04.23 amd64 [installed,local] +libssl1.1-hmac/now 1.1.1-1ubuntu2.fips.2.1~18.04.23 amd64 [installed,local] +libstdc++-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libstdc++6/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libsysfs2/bionic,bionic-updates,now 2.1.0+repack-4build1 amd64 [installed,automatic] +libsystemd0/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libtalloc2/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +libtasn1-6/bionic,now 4.13-2 amd64 
[installed,automatic] +libtcmalloc-minimal4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libtdb1/bionic,now 1.3.15-2 amd64 [installed] +libtevent0/bionic,now 0.9.34-1 amd64 [installed] +libtext-charwidth-perl/bionic,now 0.04-7.1 amd64 [installed,automatic] +libtext-iconv-perl/bionic,now 1.7-5build6 amd64 [installed,automatic] +libtext-wrapi18n-perl/bionic,now 0.06-7.1 all [installed,automatic] +libtinfo5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libtirpc1/bionic-updates,bionic-security,now 0.2.5-1.2ubuntu0.1 amd64 [installed,automatic] +libtsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libubsan0/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libudev1/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libunistring2/bionic-updates,now 0.9.9-0ubuntu2 amd64 [installed,automatic] +libunwind8/bionic-updates,now 1.2.1-8ubuntu0.1 amd64 [installed,automatic] +liburcu6/bionic-updates,now 0.10.1-1ubuntu1 amd64 [installed,automatic] +libusb-1.0-0/bionic,now 2:1.0.21-2 amd64 [installed,automatic] +libutempter0/bionic,now 1.1.6-3 amd64 [installed,automatic] +libuuid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libuv1/bionic,now 1.18.0-3 amd64 [installed,automatic] +libwbclient0/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +libwind0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libwrap0/bionic,now 7.6.q-27 amd64 [installed] +libx11-6/now 2:1.6.4-3ubuntu0.4+esm1 amd64 [installed,local] +libx11-data/now 2:1.6.4-3ubuntu0.4+esm1 all [installed,local] +libxau6/bionic-updates,now 1:1.0.8-1ubuntu1 amd64 [installed,automatic] +libxcb1/bionic-updates,now 1.13-2~ubuntu18.04 amd64 [installed,automatic] +libxdmcp6/bionic,now 1:1.1.2-3 amd64 [installed,automatic] +libxext6/bionic,now 2:1.3.3-1 amd64 [installed,automatic] 
+libxml2/bionic-updates,bionic-security,now 2.9.4+dfsg1-6.1ubuntu1.9 amd64 [installed,automatic] +libxmuu1/bionic,now 2:1.1.2-2 amd64 [installed,automatic] +libxtables12/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libyaml-0-2/bionic,now 0.1.7-2ubuntu3 amd64 [installed,automatic] +libzstd1/bionic-updates,bionic-security,now 1.3.3+dfsg-2ubuntu1.2 amd64 [installed,automatic] +linux-azure-5.4-cloud-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-cloud-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-azure-5.4-headers-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 all [installed] +linux-azure-5.4-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-azure-fips/now 4.15.0.2077.73 amd64 [installed,local] +linux-azure-fips-cloud-tools-4.15.0-2077/now 4.15.0-2077.83 amd64 [installed,local] +linux-azure-fips-headers-4.15.0-2077/now 4.15.0-2077.83 all [installed,local] +linux-azure-fips-tools-4.15.0-2077/now 4.15.0-2077.83 amd64 [installed,local] +linux-base/bionic-updates,now 4.5ubuntu1.7 all [installed,automatic] +linux-base-sgx/bionic-updates,now 4.5ubuntu1.7 all [installed] +linux-cloud-tools-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-cloud-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-cloud-tools-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-cloud-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-cloud-tools-azure-fips/now 4.15.0.2077.73 amd64 [installed,local] +linux-cloud-tools-common/now 4.15.0-214.225 all [installed,local] +linux-headers-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-headers-azure-fips/now 4.15.0.2077.73 amd64 [installed,local] 
+linux-image-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-image-azure-fips/now 4.15.0.2077.73 amd64 [installed,local] +linux-image-hmac-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-libc-dev/now 4.15.0-214.225 amd64 [installed,local] +linux-modules-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-modules-extra-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-tools-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-tools-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-tools-azure-fips/now 4.15.0.2077.73 amd64 [installed,local] +linux-tools-common/now 4.15.0-214.225 all [installed,local] +locales/bionic-updates,now 2.27-3ubuntu1.6 all [installed,automatic] +login/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed] +logrotate/bionic,now 3.11.0-0.1ubuntu1 amd64 [installed,automatic] +lsb-base/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lsb-release/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lshw/bionic-updates,now 02.18-0.1ubuntu6.18.04.2 amd64 [installed,automatic] +lsof/bionic,now 4.89+dfsg-0.1 amd64 [installed,automatic] +lsscsi/bionic,now 0.28-0.1 amd64 [installed] +ltrace/bionic,now 0.7.3-6ubuntu1 amd64 [installed,automatic] +lvm2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed] +lxcfs/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +lxd/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed] +lxd-client/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed,automatic] +make/bionic,now 4.1-9.1ubuntu1 amd64 [installed] +man-db/bionic-updates,now 2.8.3-2ubuntu0.1 amd64 [installed,automatic] +manpages/bionic,now 4.15-1 all [installed,automatic] +mawk/bionic,now 
1.3.3-17ubuntu3 amd64 [installed,automatic] +mdadm/bionic-updates,now 4.1~rc1-3~ubuntu18.04.4 amd64 [installed] +mime-support/bionic,now 3.60ubuntu1 all [installed,automatic] +mlocate/bionic,now 0.26-2ubuntu3.1 amd64 [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu18.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu18.04u1] +moby-runc/testing,bionic,now 1.1.7+azure-ubuntu18.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu18.04u1] +mokutil/bionic-updates,now 0.6.0-2~18.04.1 amd64 [installed] +motd-news-config/bionic-updates,now 10.1ubuntu2.11 all [installed] +mount/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] +mtr-tiny/bionic,now 0.92-1 amd64 [installed,automatic] +multiarch-support/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +nano/bionic,now 2.9.3-2 amd64 [installed,automatic] +ncurses-base/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +ncurses-bin/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed] +ncurses-term/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +net-tools/bionic,now 1.60+git20161116.90da8a0-1ubuntu1 amd64 [installed] +netbase/bionic,now 5.4 all [installed,automatic] +netcat/bionic,now 1.10-41.1 all [installed] +netcat-openbsd/bionic-updates,now 1.187-1ubuntu0.1 amd64 [installed,automatic] +netcat-traditional/bionic,now 1.10-41.1 amd64 [installed,automatic] +netplan.io/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +networkd-dispatcher/bionic-updates,bionic-security,now 1.7-0ubuntu3.5 all [installed,automatic] +nfs-common/bionic-updates,now 1:1.3.4-2.1ubuntu5.5 amd64 [installed] +nftables/bionic,now 0.8.2-1 amd64 [installed] +nplan/bionic-updates,now 0.99-0ubuntu3~18.04.5 all [installed,automatic] +ntfs-3g/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +open-iscsi/now 2.0.874-5ubuntu2.11+esm1 amd64 [installed,local] 
+openssh-client/now 1:7.9p1-10~ubuntu18.04.fips.0.7 amd64 [installed,local] +openssh-client-hmac/now 1:7.9p1-10~ubuntu18.04.fips.0.7 amd64 [installed,local] +openssh-server/now 1:7.9p1-10~ubuntu18.04.fips.0.7 amd64 [installed,local] +openssh-server-hmac/now 1:7.9p1-10~ubuntu18.04.fips.0.7 amd64 [installed,local] +openssh-sftp-server/now 1:7.9p1-10~ubuntu18.04.fips.0.7 amd64 [installed,local] +openssl/now 1.1.1-1ubuntu2.fips.2.1~18.04.23 amd64 [installed,local] +os-prober/bionic,now 1.74ubuntu1 amd64 [installed,automatic] +overlayroot/bionic-updates,now 0.40ubuntu1.1 all [installed] +packages-microsoft-prod/bionic,now 1.0-ubuntu18.04.2 all [installed] +parted/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +passwd/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +pastebinit/bionic,now 1.5-2 all [installed,automatic] +patch/bionic-updates,bionic-security,now 2.7.6-2ubuntu1.1 amd64 [installed] +pciutils/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +perl/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-base/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-modules-5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 all [installed,automatic] +pigz/bionic,now 2.4-1 amd64 [installed] +pinentry-curses/bionic,now 1.1.0-1 amd64 [installed,automatic] +plymouth/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +policykit-1/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +pollinate/bionic-updates,now 4.33-0ubuntu1~18.04.2 all [installed] +popularity-contest/bionic,now 1.66ubuntu1 all [installed,automatic] +powermgmt-base/bionic,now 1.33 all [installed,automatic] +procps/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +psmisc/bionic-updates,now 23.1-1ubuntu0.1 
amd64 [installed,automatic] +publicsuffix/bionic,now 20180223.1310-1 all [installed,automatic] +python/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-apt-common/bionic-updates,now 1.6.6 all [installed,automatic] +python-cephfs/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python-crypto/bionic,now 2.6.1-8ubuntu2 amd64 [installed] +python-idna/bionic,now 2.6-1 all [installed,automatic] +python-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed,automatic] +python-ldb/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +python-minimal/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all [installed,automatic] +python-prettytable/bionic,now 0.7.2-3 all [installed,automatic] +python-rados/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-rbd/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python-samba/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +python-six/bionic,now 1.11.0-2 all [installed] +python-talloc/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +python-tdb/bionic,now 1.3.15-2 amd64 [installed] +python-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] +python2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python3/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-apport/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-apt/bionic-updates,now 1.6.6 amd64 [installed,automatic] 
+python3-asn1crypto/bionic,now 0.24.0-1 all [installed,automatic] +python3-attr/bionic,now 17.4.0-2 all [installed,automatic] +python3-automat/bionic,now 0.6.0-1 all [installed,automatic] +python3-blinker/bionic,now 1.4+dfsg1-0.1 all [installed] +python3-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python3-cffi-backend/bionic,now 1.11.5-1 amd64 [installed,automatic] +python3-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python3-click/bionic,now 6.7-3 all [installed,automatic] +python3-colorama/bionic,now 0.3.7-1 all [installed,automatic] +python3-commandnotfound/bionic-updates,now 18.04.6 all [installed,automatic] +python3-configobj/bionic,now 5.0.6-2 all [installed,automatic] +python3-constantly/bionic,now 15.1.0-1 all [installed,automatic] +python3-cryptography/bionic-updates,bionic-security,now 2.1.4-1ubuntu1.4 amd64 [installed,automatic] +python3-dbus/bionic,now 1.2.6-1 amd64 [installed,automatic] +python3-debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +python3-debian/bionic,now 0.1.32 all [installed,automatic] +python3-distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 all [installed,automatic] +python3-distupgrade/bionic-updates,now 1:18.04.45 all [installed,automatic] +python3-distutils/bionic-updates,now 3.6.9-1~18.04 all [installed] +python3-gdbm/bionic-updates,now 3.6.9-1~18.04 amd64 [installed,automatic] +python3-gi/bionic-updates,now 3.26.1-2ubuntu1 amd64 [installed,automatic] +python3-httplib2/bionic-updates,now 0.9.2+dfsg-1ubuntu0.3 all [installed,automatic] +python3-hyperlink/bionic,now 17.3.1-2 all [installed,automatic] +python3-idna/bionic,now 2.6-1 all [installed,automatic] +python3-incremental/bionic,now 16.10.1-3 all [installed,automatic] +python3-jinja2/bionic-updates,bionic-security,now 2.10-1ubuntu0.18.04.1 all [installed] +python3-json-pointer/bionic,now 1.10-1 all [installed] +python3-jsonpatch/bionic,now 1.19+really1.16-1fakesync1 all [installed] +python3-jsonschema/bionic,now 
2.6.0-2 all [installed] +python3-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed] +python3-lib2to3/bionic-updates,now 3.6.9-1~18.04 all [installed,automatic] +python3-markupsafe/bionic,now 1.0-1build1 amd64 [installed] +python3-minimal/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-netifaces/bionic,now 0.10.4-0.1build4 amd64 [installed,automatic] +python3-newt/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +python3-oauthlib/bionic,now 2.0.6-1 all [installed] +python3-openssl/bionic,now 17.5.0-1ubuntu1 all [installed,automatic] +python3-pam/bionic,now 0.4.2-13.2ubuntu4 amd64 [installed,automatic] +python3-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python3-pexpect/bionic,now 4.2.1-1 all [installed,automatic] +python3-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all [installed,automatic] +python3-problem-report/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-ptyprocess/bionic,now 0.5.2-1 all [installed,automatic] +python3-pyasn1/bionic,now 0.4.2-3 all [installed,automatic] +python3-pyasn1-modules/bionic,now 0.2.1-0.2 all [installed,automatic] +python3-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python3-requests-unixsocket/bionic,now 0.1.5-3 all [installed,automatic] +python3-serial/bionic,now 3.4-2 all [installed,automatic] +python3-service-identity/bionic,now 16.0.0-2 all [installed,automatic] +python3-six/bionic,now 1.11.0-2 all [installed,automatic] +python3-software-properties/bionic-updates,now 0.96.24.32.22 all [installed,automatic] +python3-twisted/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 all [installed,automatic] +python3-twisted-bin/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 amd64 [installed,automatic] +python3-update-manager/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +python3-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] 
+python3-yaml/bionic,now 3.12-1build2 amd64 [installed,automatic] +python3-zope.interface/bionic,now 4.3.2-1build2 amd64 [installed,automatic] +python3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +python3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +readline-common/bionic,now 7.0-3 all [installed,automatic] +rng-tools/bionic,now 5-0ubuntu4 amd64 [installed] +rpcbind/bionic-updates,bionic-security,now 0.2.3-0.6ubuntu0.18.04.4 amd64 [installed,automatic] +rsync/bionic-updates,bionic-security,now 3.1.2-2.1ubuntu1.6 amd64 [installed,automatic] +rsyslog/bionic-updates,bionic-security,now 8.32.0-1ubuntu4.2 amd64 [installed,automatic] +run-one/bionic,now 1.17-0ubuntu1 all [installed,automatic] +samba-common/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 all [installed] +samba-common-bin/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +samba-libs/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +sbsigntool/bionic-updates,now 0.9.2-2ubuntu1~18.04.2 amd64 [installed] +screen/now 4.6.2-1ubuntu1.1+esm1 amd64 [installed,local] +secureboot-db/bionic-updates,now 1.4~ubuntu0.18.04.1 amd64 [installed] +sed/bionic,now 4.4-2 amd64 [installed,automatic] +sensible-utils/bionic,now 0.0.12 all [installed,automatic] +shared-mime-info/bionic,now 1.9-2 amd64 [installed,automatic] +shim-signed/bionic-security,now 1.37~18.04.11+15.4-0ubuntu9 amd64 [installed,upgradable to: 1.37~18.04.13+15.7-0ubuntu1] +socat/bionic,now 1.7.3.2-2ubuntu2 amd64 [installed] +software-properties-common/bionic-updates,now 0.96.24.32.22 all [installed] +sosreport/bionic-updates,now 4.4-1ubuntu0.18.04.1 amd64 [installed] +squashfs-tools/bionic-updates,bionic-security,now 1:4.3-6ubuntu0.18.04.4 amd64 [installed,automatic] +ssh-import-id/bionic-updates,now 5.7-0ubuntu1.1 all [installed] +strace/bionic,now 4.21-1ubuntu1 amd64 [installed,automatic] +sudo/bionic-updates,bionic-security,now 1.8.21p2-3ubuntu1.6 amd64 [installed,automatic] 
+sysfsutils/bionic,bionic-updates,now 2.1.0+repack-4build1 amd64 [installed] +sysstat/now 11.6.1-1ubuntu0.2+esm1 amd64 [installed,local] +systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +systemd-sysv/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +sysvinit-utils/bionic,now 2.88dsf-59.10ubuntu1 amd64 [installed] +tar/bionic-updates,bionic-security,now 1.29b-2ubuntu0.4 amd64 [installed,automatic] +tcpdump/bionic-updates,now 4.9.3-0ubuntu0.18.04.3 amd64 [installed,automatic] +telnet/bionic,now 0.17-41 amd64 [installed,automatic] +time/bionic,now 1.7-25.1build1 amd64 [installed,automatic] +tmux/bionic-updates,bionic-security,now 2.6-3ubuntu0.3 amd64 [installed] +traceroute/bionic,now 1:2.1.0-2 amd64 [installed] +tzdata/bionic-updates,bionic-security,now 2023c-0ubuntu0.18.04 all [installed,automatic] +ubuntu-advantage-tools/bionic-updates,now 28.1~18.04 amd64 [installed,automatic] +ubuntu-azure-fips/now 1.1.4+updates1 amd64 [installed,local] +ubuntu-keyring/bionic-updates,now 2018.09.18.1~18.04.2 all [installed,automatic] +ubuntu-minimal/bionic-updates,now 1.417.5 amd64 [installed] +ubuntu-release-upgrader-core/bionic-updates,now 1:18.04.45 all [installed,automatic] +ubuntu-standard/bionic-updates,now 1.417.5 amd64 [installed] +ucf/bionic,now 3.0038 all [installed,automatic] +udev/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +ufw/bionic-updates,now 0.36-0ubuntu0.18.04.2 all [installed,automatic] +uidmap/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +unattended-upgrades/bionic-updates,now 1.1ubuntu1.18.04.14 all [installed,automatic] +update-manager-core/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +update-notifier-common/bionic-updates,now 3.192.1.19 all [installed] +ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] +usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] 
+util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] +uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] +wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] +whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +wireless-regdb/bionic-updates,bionic-security,now 2022.06.06-0ubuntu1~18.04.1 all [installed] +xauth/bionic,now 1:1.0.10-1 amd64 [installed,automatic] +xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] +xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] +xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] +xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] +zip/bionic,now 3.0-11build1 amd64 [installed] +zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +udev 3.4G 0 3.4G 0% /dev +tmpfs 697M 728K 697M 1% /run +/dev/sda1 29G 22G 7.2G 76% / +tmpfs 3.5G 0 3.5G 0% /dev/shm +tmpfs 5.0M 0 5.0M 0% /run/lock +tmpfs 3.5G 0 3.5G 0% /sys/fs/cgroup +/dev/sda15 105M 5.2M 100M 5% /boot/efi +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 697M 0 697M 0% /run/user/1000 +Using kernel: +Linux version 4.15.0-2077-azure-fips (buildd@lcy02-amd64-106) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #83-Ubuntu SMP Tue Jul 18 19:05:42 UTC 2023 +Install completed successfully on Tue Aug 22 17:09:47 UTC 2023 
+VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 18.04 +Hyperv generation: V1 +Feature flags: None +Container runtime: containerd +FIPS enabled: True +=== os-release Begin +NAME="Ubuntu" +VERSION="18.04.6 LTS (Bionic Beaver)" +ID=ubuntu +ID_LIKE=debian +PRETTY_NAME="Ubuntu 18.04.6 LTS" +VERSION_ID="18.04" +HOME_URL="https://www.ubuntu.com/" +SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +VERSION_CODENAME=bionic +UBUNTU_CODENAME=bionic +=== os-release End diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-image-list.json index 564bd97d9e8..5fbbd5d742b 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "1804fipscontainerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ 
@@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ 
@@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-trivy-images-table.txt index 46520a27395..4cc91fdb5fb 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-trivy-report.json index 8d3d9f7ac72..5012060f4d8 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmw4zwcxt1j6", + "ArtifactName": "pkrvm5n7o7kxtpc", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmw4zwcxt1j6 (ubuntu 18.04)", + "Target": "pkrvm5n7o7kxtpc (ubuntu 18.04)", "Class": "os-pkgs", "Type": "ubuntu" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest.txt index 33ddc4fdba9..af7b210470a 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804fipscontainerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:07:49 UTC 2023 +Starting build on Tue Aug 22 16:26:29 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -130,17 +131,17 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 593 Aug 16 17:07 /usr/local/bin/logrotate.sh --r-xr--r-- 1 root root 2462 Aug 16 17:07 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:07 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:20 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:20 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:24 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:24 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:26 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:26 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:26 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:28 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 593 Aug 22 16:26 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:39 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:39 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:41 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:41 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:44 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:44 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 
+-rwxr-xr-x 1 root root 39369104 Aug 22 16:44 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:46 /usr/local/bin/bpftrace === Installed Packages Begin Listing... accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] @@ -803,10 +804,10 @@ ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] -vim/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] -vim-common/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] 
@@ -816,7 +817,7 @@ xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] -xxd/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] zip/bionic,now 3.0-11build1 amd64 [installed] zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] @@ -825,7 +826,7 @@ Disk usage: Filesystem Size Used Avail Use% Mounted on udev 3.4G 0 3.4G 0% /dev tmpfs 697M 728K 697M 1% /run -/dev/sda1 29G 22G 7.4G 75% / +/dev/sda1 29G 22G 7.2G 76% / tmpfs 3.5G 0 3.5G 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 3.5G 0 3.5G 0% /sys/fs/cgroup @@ -834,10 +835,10 @@ tmpfs 3.5G 0 3.5G 0% /sys/fs/cgroup tmpfs 697M 0 697M 0% /run/user/1000 Using kernel: Linux version 4.15.0-2077-azure-fips (buildd@lcy02-amd64-106) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #83-Ubuntu SMP Tue Jul 18 19:05:42 UTC 2023 -Install completed successfully on Wed Aug 16 17:50:55 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:09:47 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 18.04 Hyperv generation: V1 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..bbb4878a59d --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "1804gpucontainerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..360afec292f
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0-trivy-report.json
@@ -0,0 +1,2619 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmn2kc9x6q0t", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "18.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmn2kc9x6q0t (ubuntu 18.04)", + "Class": "os-pkgs", + "Type": "ubuntu" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/nvidia/bin/nvidia-device-plugin", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2021-33194", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20201021035429-f5854403a974", + "FixedVersion": "0.0.0-20210520170846-37e1c6afe023", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33194", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "golang: x/net/html: infinite loop in ParseFragment", + "Description": "golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-33194", + "https://github.com/advisories/GHSA-83g2-8m93-v3w7", + "https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7", + "https://go.dev/cl/311090", + "https://go.dev/issue/46288", + "https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7", + "https://groups.google.com/g/golang-announce/c/wPunbCPkWUg", + "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-33194", + "https://pkg.go.dev/vuln/GO-2021-0238", + "https://www.cve.org/CVERecord?id=CVE-2021-33194" + ], + "PublishedDate": "2021-05-26T15:15:00Z", + "LastModifiedDate": "2022-06-03T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20201021035429-f5854403a974", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20201021035429-f5854403a974", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + 
"https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2021-38561", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.3", + "FixedVersion": "0.3.7", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-38561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "out-of-bounds read in golang.org/x/text/language leads to DoS", + "Description": "golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. 
If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-38561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38561", + "https://deps.dev/advisory/OSV/GO-2021-0113", + "https://github.com/advisories/GHSA-ppp9-7jff-5vj2", + "https://go.dev/cl/340830", + "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f", + "https://groups.google.com/g/golang-announce", + "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", + "https://pkg.go.dev/golang.org/x/text/language", + "https://pkg.go.dev/vuln/GO-2021-0113", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2021-38561" + ], + "PublishedDate": "2022-12-26T06:15:00Z", + "LastModifiedDate": "2023-01-05T04:52:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.3", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 
7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0.txt new file mode 100644 index 00000000000..27ceb741ae0 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/202308.22.0.txt 
@@ -0,0 +1,868 @@ +Starting build on Tue Aug 22 16:26:04 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - /var/lib/kubelet/device-plugins + - extracted nvidia-device-plugin... 
+total 19968 +-rwxr-xr-x 1 root root 900 Aug 22 16:41 nvidia-sleep.sh +-rwxr-xr-x 1 root root 355344 Aug 22 16:41 nvidia-installer +-rwxr-xr-x 1 root root 38025 Aug 22 16:41 nvidia-bug-report.sh +-rwxr-xr-x 1 root root 638416 Aug 22 16:41 nvidia-smi +-rwxr-xr-x 1 root root 137904 Aug 22 16:41 nvidia-debugdump +-rwxr-xr-x 1 root root 18664 Aug 22 16:41 nvidia-cuda-mps-server +-rwxr-xr-x 1 root root 54184 Aug 22 16:41 nvidia-cuda-mps-control +-rwxr-xr-x 1 root root 208336 Aug 22 16:41 nvidia-persistenced +-rwxr-xr-x 1 root root 602752 Aug 22 16:41 nvidia-powerd +-rwxr-xr-x 1 root root 207424 Aug 22 16:41 nvidia-xconfig +-rwxr-xr-x 1 root root 306312 Aug 22 16:41 nvidia-settings +-rwxr-xr-x 1 root root 3892304 Aug 22 16:41 nvidia-ngx-updater +lrwxrwxrwx 1 root root 16 Aug 22 16:41 nvidia-uninstall -> nvidia-installer +-rwxr-xr-x 1 root root 13960920 Aug 22 16:57 nvidia-device-plugin + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 
/usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 593 Aug 22 16:26 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 
45334640 Aug 22 16:36 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:36 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:39 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:39 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:39 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:42 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... +accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +acl/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +acpid/bionic,now 1:2.0.28-1ubuntu1 amd64 [installed] +adduser/bionic,now 3.116ubuntu1 all [installed,automatic] +apparmor/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +apt/bionic-updates,now 1.6.17 amd64 [installed,automatic] +apt-transport-https/bionic-updates,now 1.6.17 all [installed] +apt-utils/bionic-updates,now 1.6.17 amd64 [installed,automatic] +at/bionic,now 3.1.20-3.1ubuntu2 amd64 [installed] +attr/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +base-files/bionic-updates,now 10.1ubuntu2.11 amd64 [installed,automatic] +base-passwd/bionic,now 3.5.44 amd64 [installed,automatic] +bash/bionic-updates,bionic-security,now 4.4.18-2ubuntu1.3 amd64 [installed] +bash-completion/bionic,now 1:2.8-1ubuntu1 all [installed,automatic] +bc/bionic,now 1.07.1-2 amd64 [installed,automatic] +bcache-tools/bionic-updates,now 1.0.8-2ubuntu0.18.04.1 amd64 [installed] +bind9-host/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +binfmt-support/bionic,now 2.1.8-2 amd64 [installed,automatic] +binutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +binutils-common/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] 
+binutils-x86-64-linux-gnu/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +blobfuse/bionic,now 1.4.5 amd64 [installed] +blobfuse2/bionic,now 2.0.5 amd64 [installed] +bsdmainutils/bionic,now 11.1.2ubuntu1 amd64 [installed,automatic] +bsdutils/bionic-updates,bionic-security,now 1:2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +btrfs-progs/bionic,now 4.15.1-1build1 amd64 [installed,automatic] +btrfs-tools/bionic,now 4.15.1-1build1 amd64 [installed] +build-essential/bionic,now 12.4ubuntu1 amd64 [installed] +busybox-initramfs/bionic-updates,bionic-security,now 1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +busybox-static/bionic-updates,bionic-security,now 1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +byobu/bionic,now 5.125-0ubuntu1 all [installed] +bzip2/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +ca-certificates/bionic-updates,bionic-security,now 20230311ubuntu0.18.04.1 all [installed] +ceph-common/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed] +cgroup-lite/bionic,now 1.15 all [installed] +chrony/bionic-updates,bionic-security,now 3.2-4ubuntu4.5 amd64 [installed] +cifs-utils/bionic-updates,bionic-security,now 2:6.8-1ubuntu1.2 amd64 [installed] +cloud-guest-utils/bionic,now 0.30-0ubuntu5 all [installed] +cloud-init/bionic-updates,bionic-security,now 23.1.2-0ubuntu0~18.04.1 all [installed] +cloud-initramfs-copymods/bionic-updates,now 0.40ubuntu1.1 all [installed] +cloud-initramfs-dyn-netconf/bionic-updates,now 0.40ubuntu1.1 all [installed] +command-not-found/bionic-updates,now 18.04.6 all [installed,automatic] +command-not-found-data/bionic-updates,now 18.04.6 amd64 [installed,automatic] +conntrack/bionic,now 1:1.4.4+snapshot20161117-6ubuntu2 amd64 [installed] +console-setup/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +console-setup-linux/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +coreutils/bionic,now 8.28-1ubuntu1 amd64 
[installed,automatic] +cpio/bionic-updates,bionic-security,now 2.12+dfsg-6ubuntu0.18.04.4 amd64 [installed,automatic] +cpp/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +cpp-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +cracklib-runtime/bionic,now 2.9.2-5build1 amd64 [installed] +crda/bionic,now 3.18-1build1 amd64 [installed] +cron/bionic-updates,bionic-security,now 3.0pl1-128.1ubuntu1.2 amd64 [installed,automatic] +cryptsetup/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +cryptsetup-bin/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +curl/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed] +dash/bionic,now 0.5.8-2.10 amd64 [installed] +dbus/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +dbus-user-session/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debconf-i18n/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debianutils/bionic,now 4.8.4 amd64 [installed,automatic] +diffutils/bionic,now 1:3.6-1 amd64 [installed] +dirmngr/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 amd64 [installed,automatic] +distro-info-data/bionic-updates,now 0.37ubuntu0.17 all [installed,automatic] +dkms/bionic-updates,now 2.3-3ubuntu9.7 all [installed] +dmeventd/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dmidecode/bionic-updates,now 3.1-1ubuntu0.1 amd64 [installed,automatic] +dmsetup/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dns-root-data/bionic,now 2018013001 all [installed,automatic] +dnsmasq-base/bionic-updates,bionic-security,now 2.79-1ubuntu0.7 amd64 [installed,automatic] +dnsutils/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] 
+dosfstools/bionic,now 4.1-1 amd64 [installed,automatic] +dpkg/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 amd64 [installed,automatic] +dpkg-dev/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +e2fsprogs/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +eatmydata/bionic,now 105-6 all [installed] +ebtables/bionic-updates,now 2.0.10.4-3.5ubuntu2.18.04.3 amd64 [installed] +ed/bionic,now 1.10-2.1 amd64 [installed,automatic] +efibootmgr/bionic,now 15-1 amd64 [installed,automatic] +eject/bionic,now 2.1.5+deb1+cvs20081104-13.2 amd64 [installed,automatic] +ethtool/bionic,now 1:4.15-0ubuntu1 amd64 [installed] +fdisk/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +file/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +findutils/bionic,now 4.6.0+git+20170828-2 amd64 [installed] +fonts-ubuntu-console/bionic,now 0.83-2 all [installed] +friendly-recovery/bionic-updates,now 0.2.38ubuntu1.2 all [installed,automatic] +ftp/bionic,now 0.17-34 amd64 [installed,automatic] +fuse/bionic,now 2.9.7-1ubuntu1 amd64 [installed] +g++/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +g++-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gawk/bionic,now 1:4.1.4+dfsg-1build1 amd64 [installed,automatic] +gcc/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed] +gcc-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-7-base/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-8-base/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +gdisk/bionic,now 1.0.3-1 amd64 [installed,automatic] +geoip-database/bionic,now 20180315-1 all [installed,automatic] +gettext-base/bionic-updates,bionic-security,now 0.19.8.1-6ubuntu0.3 amd64 [installed,automatic] 
+gir1.2-glib-2.0/bionic,now 1.56.1-1 amd64 [installed,automatic] +git/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 amd64 [installed] +git-man/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 all [installed,automatic] +glusterfs-client/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +glusterfs-common/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +gnupg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +gnupg-l10n/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 all [installed,automatic] +gnupg-utils/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-agent/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-client/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-server/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgconf/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgsm/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgv/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +grep/bionic-updates,now 3.1-2build1 amd64 [installed] +groff-base/bionic,now 1.22.3-10 amd64 [installed,automatic] +grub-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-efi-amd64-bin/bionic-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/bionic-updates,now 1.187.3~18.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/bionic,now 0.7 amd64 [installed,automatic] +grub-pc/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-pc-bin/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub2-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +gzip/bionic-updates,bionic-security,now 1.6-5ubuntu1.2 amd64 [installed] 
+hdparm/bionic,now 9.54+ds-1 amd64 [installed,automatic] +hostname/bionic,now 3.20 amd64 [installed] +htop/bionic,now 2.1.0-3 amd64 [installed] +iftop/bionic,now 1.0~pre4-4 amd64 [installed] +info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +init/bionic,now 1.51 amd64 [installed] +init-system-helpers/bionic,now 1.51 all [installed] +initramfs-tools/bionic-updates,now 0.130ubuntu3.13 all [installed] +initramfs-tools-bin/bionic-updates,now 0.130ubuntu3.13 amd64 [installed,automatic] +initramfs-tools-core/bionic-updates,now 0.130ubuntu3.13 all [installed,automatic] +inotify-tools/bionic,now 3.14-2 amd64 [installed] +install-info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +iotop/bionic,now 0.6-2 amd64 [installed] +iproute2/bionic-updates,now 4.15.0-2ubuntu1.3 amd64 [installed] +ipset/bionic,now 6.34-1 amd64 [installed] +iptables/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed] +iputils-ping/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +iputils-tracepath/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +irqbalance/bionic-updates,now 1.3.0-0.1ubuntu0.18.04.1 amd64 [installed,automatic] +isc-dhcp-client/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +isc-dhcp-common/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +iso-codes/bionic,now 3.79-1 all [installed,automatic] +iw/bionic,now 4.14-0.1 amd64 [installed] +jq/bionic,now 1.5+dfsg-2 amd64 [installed] +kbd/bionic,now 2.0.4-2ubuntu1 amd64 [installed,automatic] +keyboard-configuration/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +keyutils/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed] +klibc-utils/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +kmod/bionic-updates,now 24-1ubuntu3.5 amd64 [installed] +krb5-locales/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 all [installed,automatic] +landscape-common/bionic-updates,now 18.01-0ubuntu3.6 amd64 
[installed] +language-selector-common/bionic-updates,now 0.188.3 all [installed,automatic] +less/bionic,now 487-0.1 amd64 [installed,automatic] +libaccountsservice0/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +libacl1/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libacl1-dev/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libaio1/bionic-updates,now 0.3.110-5ubuntu0.1 amd64 [installed,automatic] +libapparmor1/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +libapt-inst2.0/bionic-updates,now 1.6.17 amd64 [installed,automatic] +libapt-pkg5.0/bionic-updates,now 1.6.17 amd64 [installed,automatic] +libargon2-0/bionic,now 0~20161029-1.1 amd64 [installed,automatic] +libasan4/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libasn1-8-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libassuan0/bionic,now 2.5.1-2 amd64 [installed,automatic] +libatm1/bionic,now 1:2.5.1-2build1 amd64 [installed,automatic] +libatomic1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libattr1/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libattr1-dev/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libaudit-common/bionic-updates,now 1:2.8.2-1ubuntu1.1 all [installed,automatic] +libaudit1/bionic-updates,now 1:2.8.2-1ubuntu1.1 amd64 [installed,automatic] +libavahi-client3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common-data/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libbabeltrace1/bionic,now 1.5.5-1 amd64 [installed,automatic] +libbind9-160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libbinutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +libblkid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] 
+libbsd0/bionic-updates,bionic-security,now 0.8.7-1ubuntu0.1 amd64 [installed,automatic] +libbz2-1.0/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +libc-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc-dev-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6-dev/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libcap-ng0/bionic,now 0.7.7-3.1 amd64 [installed,automatic] +libcap2/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libcap2-bin/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libcc1-0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libcephfs2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +libcilkrts5/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libcom-err2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libcrack2/bionic,now 2.9.2-5build1 amd64 [installed,automatic] +libcryptsetup12/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +libcups2/now 2.2.7-1ubuntu2.10+esm1 amd64 [installed,local] +libcurl3-gnutls/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libcurl4/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libdb5.3/bionic-updates,bionic-security,now 5.3.28-13.1ubuntu1.1 amd64 [installed,automatic] +libdbus-1-3/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +libdebconfclient0/bionic,now 0.213ubuntu1 amd64 [installed,automatic] +libdevmapper-event1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdevmapper1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdns-export1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] 
+libdns1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libdpkg-perl/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +libdrm-common/bionic-updates,now 2.4.101-2~18.04.1 all [installed,automatic] +libdrm2/bionic-updates,now 2.4.101-2~18.04.1 amd64 [installed,automatic] +libdumbnet1/bionic,now 1.12-7build1 amd64 [installed] +libdw1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed] +libeatmydata1/bionic,now 105-6 amd64 [installed] +libedit2/bionic,now 3.1-20170329-1 amd64 [installed,automatic] +libefiboot1/bionic,now 34-1 amd64 [installed,automatic] +libefivar1/bionic,now 34-1 amd64 [installed,automatic] +libelf1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed,automatic] +liberror-perl/bionic,now 0.17025-1 all [installed,automatic] +libestr0/bionic,now 0.1.10-2.1 amd64 [installed,automatic] +libevent-2.1-6/bionic,now 2.1.8-stable-4build1 amd64 [installed,automatic] +libexpat1/bionic-updates,bionic-security,now 2.2.5-3ubuntu0.9 amd64 [installed,automatic] +libext2fs2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libfastjson4/bionic,now 0.99.8-2 amd64 [installed,automatic] +libfdisk1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libffi6/bionic,now 3.2.1-8 amd64 [installed,automatic] +libfreetype6/bionic-updates,bionic-security,now 2.8.1-2ubuntu2.2 amd64 [installed,automatic] +libfribidi0/bionic-updates,bionic-security,now 0.19.7-2ubuntu0.1 amd64 [installed,automatic] +libfuse2/bionic,now 2.9.7-1ubuntu1 amd64 [installed,automatic] +libgcc-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libgcc1/bionic-updates,bionic-security,now 1:8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgcrypt20/bionic-updates,bionic-security,now 1.8.1-4ubuntu1.3 amd64 [installed,automatic] +libgdbm-compat4/bionic,now 1.14.1-6 amd64 [installed,automatic] +libgdbm5/bionic,now 1.14.1-6 
amd64 [installed,automatic] +libgeoip1/bionic,now 1.6.12-1 amd64 [installed,automatic] +libgirepository-1.0-1/bionic,now 1.56.1-1 amd64 [installed,automatic] +libglib2.0-0/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 amd64 [installed,automatic] +libglib2.0-data/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 all [installed,automatic] +libgmp10/bionic-updates,bionic-security,now 2:6.1.2+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libgnutls30/bionic-updates,bionic-security,now 3.5.18-1ubuntu1.6 amd64 [installed,automatic] +libgomp1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgoogle-perftools4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libgpg-error0/bionic,now 1.27-6 amd64 [installed,automatic] +libgpm2/bionic,now 1.20.7-5 amd64 [installed,automatic] +libgssapi-krb5-2/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libgssapi3-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhcrypto4-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimbase1-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimntlm0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhogweed4/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libhx509-5-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libibverbs1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libicu60/bionic-updates,bionic-security,now 60.2-3ubuntu3.2 amd64 [installed,automatic] +libidn11/bionic-updates,now 1.33-2.1ubuntu1.2 amd64 [installed,automatic] +libidn2-0/bionic-updates,bionic-security,now 2.0.4-1.1ubuntu0.2 amd64 [installed,automatic] +libinotifytools0/bionic,now 3.14-2 amd64 [installed,automatic] +libip4tc0/bionic-updates,now 
1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libip6tc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libipset3/bionic,now 6.34-1 amd64 [installed,automatic] +libiptc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libirs160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc-export169/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc169/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccc160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccfg160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisl19/bionic,now 0.19-1 amd64 [installed,automatic] +libisns0/bionic,now 0.97-2build1 amd64 [installed,automatic] +libitm1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libjansson4/bionic,now 2.11-1 amd64 [installed] +libjq1/bionic,now 1.5+dfsg-2 amd64 [installed,automatic] +libjson-c3/bionic-updates,bionic-security,now 0.12.1-1.3ubuntu0.3 amd64 [installed,automatic] +libk5crypto3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkeyutils1/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed,automatic] +libklibc/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +libkmod2/bionic-updates,now 24-1ubuntu3.5 amd64 [installed,automatic] +libkrb5-26-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libkrb5-3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkrb5support0/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libksba8/bionic-updates,bionic-security,now 1.3.5-2ubuntu0.18.04.2 amd64 [installed,automatic] +libldap-2.4-2/now 2.4.45+dfsg-1ubuntu1.11+esm1 amd64 [installed,local] +libldap-common/now 2.4.45+dfsg-1ubuntu1.11+esm1 all [installed,local] +libldb1/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +liblocale-gettext-perl/bionic,now 
1.07-3build2 amd64 [installed,automatic] +liblsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +liblvm2app2.2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblvm2cmd2.02/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblwres160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +liblxc-common/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblxc1/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblz4-1/bionic-updates,bionic-security,now 0.0~r131-2ubuntu3.1 amd64 [installed,automatic] +liblzma5/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed,automatic] +liblzo2-2/bionic,now 2.08-1.2 amd64 [installed,automatic] +libmagic-mgc/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmagic1/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmnl0/bionic,now 1.0.4-2 amd64 [installed,automatic] +libmount1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libmpc3/bionic,now 1.1.0-1 amd64 [installed,automatic] +libmpdec2/bionic,now 2.4.2-1ubuntu1 amd64 [installed,automatic] +libmpfr6/bionic,now 4.0.1-1 amd64 [installed,automatic] +libmpx2/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libncurses5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libncursesw5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libnetfilter-conntrack3/bionic,now 1.0.6-2 amd64 [installed,automatic] +libnetplan0/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +libnettle6/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libnewt0.52/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +libnfnetlink0/bionic,now 1.0.1-3 amd64 [installed,automatic] 
+libnfsidmap2/bionic,now 0.25-5.1 amd64 [installed,automatic] +libnftnl7/bionic,now 1.0.9-2 amd64 [installed,automatic] +libnghttp2-14/now 1.30.0-1ubuntu1+esm1 amd64 [installed,local] +libnih1/bionic,now 1.0.3-6ubuntu2 amd64 [installed,automatic] +libnl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] +libnl-genl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] +libnl-route-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed,automatic] +libnpth0/bionic,now 1.5-3 amd64 [installed,automatic] +libnspr4/bionic,now 2:4.18-1ubuntu1 amd64 [installed,automatic] +libnss-systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libnss3/bionic-updates,bionic-security,now 2:3.35-2ubuntu2.16 amd64 [installed,automatic] +libntfs-3g88/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +libnuma1/bionic-updates,now 2.0.11-2.1ubuntu0.1 amd64 [installed,automatic] +libnvidia-container-tools/now 1.13.1-1 amd64 [installed,local] +libnvidia-container1/now 1.13.1-1 amd64 [installed,local] +libonig4/now 6.7.0-1ubuntu0.1~esm2 amd64 [installed,local] +libp11-kit0/bionic-updates,bionic-security,now 0.23.9-2ubuntu0.1 amd64 [installed,automatic] +libpam-cap/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libpam-modules/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-modules-bin/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-pwquality/bionic,now 1.4.0-2 amd64 [installed] +libpam-runtime/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 all [installed,automatic] +libpam-systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libpam0g/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libparted2/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +libpcap0.8/bionic-updates,now 1.8.1-6ubuntu1.18.04.2 amd64 [installed,automatic] 
+libpci3/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +libpcre3/bionic-updates,bionic-security,now 2:8.39-9ubuntu0.1 amd64 [installed,automatic] +libperl5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +libpipeline1/bionic,now 1.5.0-1 amd64 [installed,automatic] +libplymouth4/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +libpng16-16/bionic-updates,bionic-security,now 1.6.34-1ubuntu0.18.04.2 amd64 [installed,automatic] +libpolkit-agent-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpolkit-backend-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpolkit-gobject-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpopt0/bionic,now 1.16-11 amd64 [installed,automatic] +libprocps6/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +libpsl5/bionic,now 0.19.1-5build1 amd64 [installed,automatic] +libpwquality-common/bionic,now 1.4.0-2 all [installed,automatic] +libpwquality-tools/bionic,now 1.4.0-2 amd64 [installed] +libpwquality1/bionic,now 1.4.0-2 amd64 [installed,automatic] +libpython-stdlib/bionic,now 2.7.15~rc1-1 amd64 [installed] +libpython2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-stdlib/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3-stdlib/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +libpython3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-stdlib/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libquadmath0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +librados2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] 
+libradosstriper1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librbd1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librdmacm1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libreadline5/bionic,now 5.2+dfsg-3build1 amd64 [installed,automatic] +libreadline7/bionic,now 7.0-3 amd64 [installed,automatic] +libroken18-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +librtmp1/bionic,now 2.4+20151223.gitfa8646d.1-1 amd64 [installed,automatic] +libsasl2-2/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libsasl2-modules/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libsasl2-modules-db/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libseccomp2/bionic-updates,bionic-security,now 2.5.1-1ubuntu1~18.04.2 amd64 [installed,automatic] +libselinux1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsemanage-common/bionic,now 2.7-2build2 all [installed,automatic] +libsemanage1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsensors4/bionic-updates,now 1:3.4.0-4ubuntu0.1 amd64 [installed,automatic] +libsepol1/bionic-updates,bionic-security,now 2.7-1ubuntu0.1 amd64 [installed,automatic] +libsigsegv2/bionic,now 2.12-1 amd64 [installed,automatic] +libslang2/bionic,now 2.3.1a-3ubuntu1 amd64 [installed,automatic] +libsmartcols1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libsnappy1v5/bionic,now 1.1.7-1 amd64 [installed,automatic] +libsqlite3-0/bionic-updates,bionic-security,now 3.22.0-1ubuntu0.7 amd64 [installed,automatic] +libss2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libssl1.0.0/bionic-updates,bionic-security,now 1.0.2n-1ubuntu5.13 amd64 [installed,automatic] +libssl1.1/now 
1.1.1-1ubuntu2.1~18.04.23+esm1 amd64 [installed,local] +libstdc++-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libstdc++6/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libsysfs2/bionic,bionic-updates,now 2.1.0+repack-4build1 amd64 [installed,automatic] +libsystemd0/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libtalloc2/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +libtasn1-6/bionic,now 4.13-2 amd64 [installed,automatic] +libtcmalloc-minimal4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libtdb1/bionic,now 1.3.15-2 amd64 [installed] +libtevent0/bionic,now 0.9.34-1 amd64 [installed] +libtext-charwidth-perl/bionic,now 0.04-7.1 amd64 [installed,automatic] +libtext-iconv-perl/bionic,now 1.7-5build6 amd64 [installed,automatic] +libtext-wrapi18n-perl/bionic,now 0.06-7.1 all [installed,automatic] +libtinfo5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libtirpc1/bionic-updates,bionic-security,now 0.2.5-1.2ubuntu0.1 amd64 [installed,automatic] +libtsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libubsan0/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libudev1/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libunistring2/bionic-updates,now 0.9.9-0ubuntu2 amd64 [installed,automatic] +libunwind8/bionic-updates,now 1.2.1-8ubuntu0.1 amd64 [installed,automatic] +liburcu6/bionic-updates,now 0.10.1-1ubuntu1 amd64 [installed,automatic] +libusb-1.0-0/bionic,now 2:1.0.21-2 amd64 [installed,automatic] +libutempter0/bionic,now 1.1.6-3 amd64 [installed,automatic] +libuuid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libuv1/bionic,now 1.18.0-3 amd64 [installed,automatic] +libwbclient0/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] 
+libwind0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libwrap0/bionic,now 7.6.q-27 amd64 [installed] +libx11-6/now 2:1.6.4-3ubuntu0.4+esm1 amd64 [installed,local] +libx11-data/now 2:1.6.4-3ubuntu0.4+esm1 all [installed,local] +libxau6/bionic-updates,now 1:1.0.8-1ubuntu1 amd64 [installed,automatic] +libxcb1/bionic-updates,now 1.13-2~ubuntu18.04 amd64 [installed,automatic] +libxdmcp6/bionic,now 1:1.1.2-3 amd64 [installed,automatic] +libxext6/bionic,now 2:1.3.3-1 amd64 [installed,automatic] +libxml2/bionic-updates,bionic-security,now 2.9.4+dfsg1-6.1ubuntu1.9 amd64 [installed,automatic] +libxmuu1/bionic,now 2:1.1.2-2 amd64 [installed,automatic] +libxtables12/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libyaml-0-2/bionic,now 0.1.7-2ubuntu3 amd64 [installed,automatic] +libzstd1/bionic-updates,bionic-security,now 1.3.3+dfsg-2ubuntu1.2 amd64 [installed,automatic] +linux-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-azure-5.4-cloud-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-cloud-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-azure-5.4-headers-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 all [installed] +linux-azure-5.4-headers-5.4.0-1112/now 5.4.0-1112.118~18.04.1 all [installed,local] +linux-azure-5.4-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-base/bionic-updates,now 4.5ubuntu1.7 all [installed,automatic] +linux-base-sgx/bionic-updates,now 4.5ubuntu1.7 all [installed] +linux-cloud-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-cloud-tools-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-cloud-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] 
+linux-cloud-tools-common/now 4.15.0-214.225 all [installed,local] +linux-headers-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-headers-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-image-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-image-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-libc-dev/now 4.15.0-214.225 amd64 [installed,local] +linux-modules-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-modules-extra-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-tools-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-tools-common/now 4.15.0-214.225 all [installed,local] +locales/bionic-updates,now 2.27-3ubuntu1.6 all [installed,automatic] +login/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed] +logrotate/bionic,now 3.11.0-0.1ubuntu1 amd64 [installed,automatic] +lsb-base/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lsb-release/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lshw/bionic-updates,now 02.18-0.1ubuntu6.18.04.2 amd64 [installed,automatic] +lsof/bionic,now 4.89+dfsg-0.1 amd64 [installed,automatic] +lsscsi/bionic,now 0.28-0.1 amd64 [installed] +ltrace/bionic,now 0.7.3-6ubuntu1 amd64 [installed,automatic] +lvm2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed] +lxcfs/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +lxd/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed] +lxd-client/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed,automatic] +make/bionic,now 4.1-9.1ubuntu1 amd64 [installed] +man-db/bionic-updates,now 2.8.3-2ubuntu0.1 amd64 [installed,automatic] +manpages/bionic,now 4.15-1 all [installed,automatic] +mawk/bionic,now 1.3.3-17ubuntu3 amd64 
[installed,automatic] +mdadm/bionic-updates,now 4.1~rc1-3~ubuntu18.04.4 amd64 [installed] +mime-support/bionic,now 3.60ubuntu1 all [installed,automatic] +mlocate/bionic,now 0.26-2ubuntu3.1 amd64 [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu18.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu18.04u1] +moby-runc/testing,bionic,now 1.1.7+azure-ubuntu18.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu18.04u1] +mokutil/bionic-updates,now 0.6.0-2~18.04.1 amd64 [installed] +motd-news-config/bionic-updates,now 10.1ubuntu2.11 all [installed] +mount/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] +mtr-tiny/bionic,now 0.92-1 amd64 [installed,automatic] +multiarch-support/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +nano/bionic,now 2.9.3-2 amd64 [installed,automatic] +ncurses-base/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +ncurses-bin/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed] +ncurses-term/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +net-tools/bionic,now 1.60+git20161116.90da8a0-1ubuntu1 amd64 [installed] +netbase/bionic,now 5.4 all [installed,automatic] +netcat/bionic,now 1.10-41.1 all [installed] +netcat-openbsd/bionic-updates,now 1.187-1ubuntu0.1 amd64 [installed,automatic] +netcat-traditional/bionic,now 1.10-41.1 amd64 [installed,automatic] +netplan.io/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +networkd-dispatcher/bionic-updates,bionic-security,now 1.7-0ubuntu3.5 all [installed,automatic] +nfs-common/bionic-updates,now 1:1.3.4-2.1ubuntu5.5 amd64 [installed] +nftables/bionic,now 0.8.2-1 amd64 [installed] +nplan/bionic-updates,now 0.99-0ubuntu3~18.04.5 all [installed,automatic] +ntfs-3g/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +nvidia-container-runtime/now 3.13.0-1 all [installed,local] +nvidia-container-toolkit/now 1.13.1-1 amd64 
[installed,local] +nvidia-container-toolkit-base/now 1.13.1-1 amd64 [installed,local] +open-iscsi/now 2.0.874-5ubuntu2.11+esm1 amd64 [installed,local] +openssh-client/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssh-server/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssh-sftp-server/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssl/now 1.1.1-1ubuntu2.1~18.04.23+esm1 amd64 [installed,local] +os-prober/bionic,now 1.74ubuntu1 amd64 [installed,automatic] +overlayroot/bionic-updates,now 0.40ubuntu1.1 all [installed] +packages-microsoft-prod/bionic,now 1.0-ubuntu18.04.2 all [installed] +parted/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +passwd/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +pastebinit/bionic,now 1.5-2 all [installed,automatic] +patch/bionic-updates,bionic-security,now 2.7.6-2ubuntu1.1 amd64 [installed] +pciutils/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +perl/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-base/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-modules-5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 all [installed,automatic] +pigz/bionic,now 2.4-1 amd64 [installed] +pinentry-curses/bionic,now 1.1.0-1 amd64 [installed,automatic] +plymouth/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +policykit-1/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +pollinate/bionic-updates,now 4.33-0ubuntu1~18.04.2 all [installed] +popularity-contest/bionic,now 1.66ubuntu1 all [installed,automatic] +powermgmt-base/bionic,now 1.33 all [installed,automatic] +procps/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +psmisc/bionic-updates,now 23.1-1ubuntu0.1 amd64 [installed,automatic] 
+publicsuffix/bionic,now 20180223.1310-1 all [installed,automatic] +python/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-apt-common/bionic-updates,now 1.6.6 all [installed,automatic] +python-cephfs/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python-crypto/bionic,now 2.6.1-8ubuntu2 amd64 [installed] +python-idna/bionic,now 2.6-1 all [installed,automatic] +python-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed,automatic] +python-ldb/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +python-minimal/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all [installed,automatic] +python-prettytable/bionic,now 0.7.2-3 all [installed,automatic] +python-rados/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-rbd/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python-samba/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +python-six/bionic,now 1.11.0-2 all [installed] +python-talloc/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +python-tdb/bionic,now 1.3.15-2 amd64 [installed] +python-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] +python2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python3/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-apport/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-apt/bionic-updates,now 1.6.6 amd64 [installed,automatic] 
+python3-asn1crypto/bionic,now 0.24.0-1 all [installed,automatic] +python3-attr/bionic,now 17.4.0-2 all [installed,automatic] +python3-automat/bionic,now 0.6.0-1 all [installed,automatic] +python3-blinker/bionic,now 1.4+dfsg1-0.1 all [installed] +python3-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python3-cffi-backend/bionic,now 1.11.5-1 amd64 [installed,automatic] +python3-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python3-click/bionic,now 6.7-3 all [installed,automatic] +python3-colorama/bionic,now 0.3.7-1 all [installed,automatic] +python3-commandnotfound/bionic-updates,now 18.04.6 all [installed,automatic] +python3-configobj/bionic,now 5.0.6-2 all [installed,automatic] +python3-constantly/bionic,now 15.1.0-1 all [installed,automatic] +python3-cryptography/bionic-updates,bionic-security,now 2.1.4-1ubuntu1.4 amd64 [installed,automatic] +python3-dbus/bionic,now 1.2.6-1 amd64 [installed,automatic] +python3-debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +python3-debian/bionic,now 0.1.32 all [installed,automatic] +python3-distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 all [installed,automatic] +python3-distupgrade/bionic-updates,now 1:18.04.45 all [installed,automatic] +python3-distutils/bionic-updates,now 3.6.9-1~18.04 all [installed] +python3-gdbm/bionic-updates,now 3.6.9-1~18.04 amd64 [installed,automatic] +python3-gi/bionic-updates,now 3.26.1-2ubuntu1 amd64 [installed,automatic] +python3-httplib2/bionic-updates,now 0.9.2+dfsg-1ubuntu0.3 all [installed,automatic] +python3-hyperlink/bionic,now 17.3.1-2 all [installed,automatic] +python3-idna/bionic,now 2.6-1 all [installed,automatic] +python3-incremental/bionic,now 16.10.1-3 all [installed,automatic] +python3-jinja2/bionic-updates,bionic-security,now 2.10-1ubuntu0.18.04.1 all [installed] +python3-json-pointer/bionic,now 1.10-1 all [installed] +python3-jsonpatch/bionic,now 1.19+really1.16-1fakesync1 all [installed] +python3-jsonschema/bionic,now 
2.6.0-2 all [installed] +python3-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed] +python3-lib2to3/bionic-updates,now 3.6.9-1~18.04 all [installed,automatic] +python3-markupsafe/bionic,now 1.0-1build1 amd64 [installed] +python3-minimal/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-netifaces/bionic,now 0.10.4-0.1build4 amd64 [installed,automatic] +python3-newt/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +python3-oauthlib/bionic,now 2.0.6-1 all [installed] +python3-openssl/bionic,now 17.5.0-1ubuntu1 all [installed,automatic] +python3-pam/bionic,now 0.4.2-13.2ubuntu4 amd64 [installed,automatic] +python3-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python3-pexpect/bionic,now 4.2.1-1 all [installed,automatic] +python3-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all [installed,automatic] +python3-problem-report/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-ptyprocess/bionic,now 0.5.2-1 all [installed,automatic] +python3-pyasn1/bionic,now 0.4.2-3 all [installed,automatic] +python3-pyasn1-modules/bionic,now 0.2.1-0.2 all [installed,automatic] +python3-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python3-requests-unixsocket/bionic,now 0.1.5-3 all [installed,automatic] +python3-serial/bionic,now 3.4-2 all [installed,automatic] +python3-service-identity/bionic,now 16.0.0-2 all [installed,automatic] +python3-six/bionic,now 1.11.0-2 all [installed,automatic] +python3-software-properties/bionic-updates,now 0.96.24.32.22 all [installed,automatic] +python3-twisted/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 all [installed,automatic] +python3-twisted-bin/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 amd64 [installed,automatic] +python3-update-manager/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +python3-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] 
+python3-yaml/bionic,now 3.12-1build2 amd64 [installed,automatic] +python3-zope.interface/bionic,now 4.3.2-1build2 amd64 [installed,automatic] +python3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +python3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +readline-common/bionic,now 7.0-3 all [installed,automatic] +rng-tools/bionic,now 5-0ubuntu4 amd64 [installed] +rpcbind/bionic-updates,bionic-security,now 0.2.3-0.6ubuntu0.18.04.4 amd64 [installed,automatic] +rsync/bionic-updates,bionic-security,now 3.1.2-2.1ubuntu1.6 amd64 [installed,automatic] +rsyslog/bionic-updates,bionic-security,now 8.32.0-1ubuntu4.2 amd64 [installed,automatic] +run-one/bionic,now 1.17-0ubuntu1 all [installed,automatic] +samba-common/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 all [installed] +samba-common-bin/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +samba-libs/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +sbsigntool/bionic-updates,now 0.9.2-2ubuntu1~18.04.2 amd64 [installed] +screen/now 4.6.2-1ubuntu1.1+esm1 amd64 [installed,local] +secureboot-db/bionic-updates,now 1.4~ubuntu0.18.04.1 amd64 [installed] +sed/bionic,now 4.4-2 amd64 [installed,automatic] +sensible-utils/bionic,now 0.0.12 all [installed,automatic] +shared-mime-info/bionic,now 1.9-2 amd64 [installed,automatic] +shim-signed/bionic-updates,now 1.37~18.04.13+15.7-0ubuntu1 amd64 [installed] +socat/bionic,now 1.7.3.2-2ubuntu2 amd64 [installed] +software-properties-common/bionic-updates,now 0.96.24.32.22 all [installed] +sosreport/bionic-updates,now 4.4-1ubuntu0.18.04.1 amd64 [installed] +squashfs-tools/bionic-updates,bionic-security,now 1:4.3-6ubuntu0.18.04.4 amd64 [installed,automatic] +ssh-import-id/bionic-updates,now 5.7-0ubuntu1.1 all [installed] +strace/bionic,now 4.21-1ubuntu1 amd64 [installed,automatic] +sudo/bionic-updates,bionic-security,now 1.8.21p2-3ubuntu1.6 amd64 [installed,automatic] +sysfsutils/bionic,bionic-updates,now 
2.1.0+repack-4build1 amd64 [installed] +sysstat/now 11.6.1-1ubuntu0.2+esm1 amd64 [installed,local] +systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +systemd-sysv/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +sysvinit-utils/bionic,now 2.88dsf-59.10ubuntu1 amd64 [installed] +tar/bionic-updates,bionic-security,now 1.29b-2ubuntu0.4 amd64 [installed,automatic] +tcpdump/bionic-updates,now 4.9.3-0ubuntu0.18.04.3 amd64 [installed,automatic] +telnet/bionic,now 0.17-41 amd64 [installed,automatic] +time/bionic,now 1.7-25.1build1 amd64 [installed,automatic] +tmux/bionic-updates,bionic-security,now 2.6-3ubuntu0.3 amd64 [installed] +traceroute/bionic,now 1:2.1.0-2 amd64 [installed] +tzdata/bionic-updates,bionic-security,now 2023c-0ubuntu0.18.04 all [installed,automatic] +ubuntu-advantage-tools/bionic-updates,now 28.1~18.04 amd64 [installed,automatic] +ubuntu-keyring/bionic-updates,now 2018.09.18.1~18.04.2 all [installed,automatic] +ubuntu-minimal/bionic-updates,now 1.417.5 amd64 [installed] +ubuntu-release-upgrader-core/bionic-updates,now 1:18.04.45 all [installed,automatic] +ubuntu-standard/bionic-updates,now 1.417.5 amd64 [installed] +ucf/bionic,now 3.0038 all [installed,automatic] +udev/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +ufw/bionic-updates,now 0.36-0ubuntu0.18.04.2 all [installed,automatic] +uidmap/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +unattended-upgrades/bionic-updates,now 1.1ubuntu1.18.04.14 all [installed,automatic] +update-manager-core/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +update-notifier-common/bionic-updates,now 3.192.1.19 all [installed] +ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] +usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] +util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] 
+uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] +wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] +whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +wireless-regdb/bionic-updates,bionic-security,now 2022.06.06-0ubuntu1~18.04.1 all [installed] +xauth/bionic,now 1:1.0.10-1 amd64 [installed,automatic] +xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] +xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] +xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] +xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] +zip/bionic,now 3.0-11build1 amd64 [installed] +zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +udev 56G 0 56G 0% /dev +tmpfs 12G 760K 12G 1% /run +/dev/sdb1 29G 24G 5.9G 80% / +tmpfs 56G 0 56G 0% /dev/shm +tmpfs 5.0M 0 5.0M 0% /run/lock +tmpfs 56G 0 56G 0% /sys/fs/cgroup +/dev/sdb15 105M 5.3M 100M 5% /boot/efi +/dev/sda1 724G 32K 687G 1% /mnt +tmpfs 12G 0 12G 0% /run/user/1000 +Using kernel: +Linux version 5.4.0-1112-azure (buildd@bos03-amd64-017) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #118~18.04.1-Ubuntu SMP Wed Jul 12 15:44:44 UTC 2023 +Install completed successfully on Tue Aug 22 17:02:31 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 
2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 18.04 +Hyperv generation: V1 +Feature flags: fullgpudaemon +Container runtime: containerd +FIPS enabled: +=== os-release Begin +NAME="Ubuntu" +VERSION="18.04.6 LTS (Bionic Beaver)" +ID=ubuntu +ID_LIKE=debian +PRETTY_NAME="Ubuntu 18.04.6 LTS" +VERSION_ID="18.04" +HOME_URL="https://www.ubuntu.com/" +SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +VERSION_CODENAME=bionic +UBUNTU_CODENAME=bionic +=== os-release End diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-image-list.json index d6a4069214f..bbb4878a59d 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "1804gpucontainerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ 
@@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ 
@@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-trivy-images-table.txt index 46520a27395..4cc91fdb5fb 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-trivy-report.json index 0d5fcdf33be..360afec292f 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmv83ffr0olm", + "ArtifactName": "pkrvmn2kc9x6q0t", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmv83ffr0olm (ubuntu 18.04)", + "Target": "pkrvmn2kc9x6q0t (ubuntu 18.04)", "Class": "os-pkgs", "Type": "ubuntu" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest.txt index efac8e8789a..27ceb741ae0 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/1804gpucontainerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:05:59 UTC 2023 +Starting build on Tue Aug 22 16:26:04 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -96,20 +97,20 @@ containerd images pre-pulled: - /var/lib/kubelet/device-plugins - extracted nvidia-device-plugin... total 19968 --rwxr-xr-x 1 root root 900 Aug 16 17:20 nvidia-sleep.sh --rwxr-xr-x 1 root root 355344 Aug 16 17:20 nvidia-installer --rwxr-xr-x 1 root root 38025 Aug 16 17:20 nvidia-bug-report.sh --rwxr-xr-x 1 root root 638416 Aug 16 17:20 nvidia-smi --rwxr-xr-x 1 root root 137904 Aug 16 17:20 nvidia-debugdump --rwxr-xr-x 1 root root 18664 Aug 16 17:20 nvidia-cuda-mps-server --rwxr-xr-x 1 root root 54184 Aug 16 17:20 nvidia-cuda-mps-control --rwxr-xr-x 1 root root 208336 Aug 16 17:20 nvidia-persistenced --rwxr-xr-x 1 root root 602752 Aug 16 17:20 nvidia-powerd --rwxr-xr-x 1 root root 207424 Aug 16 17:20 nvidia-xconfig --rwxr-xr-x 1 root root 306312 Aug 16 17:20 nvidia-settings --rwxr-xr-x 1 root root 3892304 Aug 16 17:20 nvidia-ngx-updater -lrwxrwxrwx 1 root root 16 Aug 16 17:20 nvidia-uninstall -> nvidia-installer --rwxr-xr-x 1 root root 13960920 Aug 16 17:36 nvidia-device-plugin +-rwxr-xr-x 1 root root 900 Aug 22 16:41 nvidia-sleep.sh +-rwxr-xr-x 1 root root 355344 Aug 22 16:41 nvidia-installer +-rwxr-xr-x 1 root root 38025 Aug 22 16:41 nvidia-bug-report.sh +-rwxr-xr-x 1 root root 638416 Aug 22 16:41 nvidia-smi +-rwxr-xr-x 1 root root 137904 Aug 22 16:41 nvidia-debugdump +-rwxr-xr-x 1 root root 18664 Aug 22 16:41 nvidia-cuda-mps-server +-rwxr-xr-x 1 root root 54184 Aug 22 16:41 nvidia-cuda-mps-control +-rwxr-xr-x 1 root root 208336 Aug 22 16:41 nvidia-persistenced +-rwxr-xr-x 1 root root 602752 Aug 22 16:41 nvidia-powerd +-rwxr-xr-x 1 root root 207424 Aug 22 16:41 nvidia-xconfig +-rwxr-xr-x 1 root root 306312 Aug 22 16:41 nvidia-settings +-rwxr-xr-x 1 root root 3892304 Aug 22 16:41 nvidia-ngx-updater +lrwxrwxrwx 1 root root 16 Aug 22 16:41 nvidia-uninstall -> nvidia-installer +-rwxr-xr-x 1 root root 13960920 Aug 22 16:57 nvidia-device-plugin - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 
@@ -147,17 +148,17 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 593 Aug 16 17:05 /usr/local/bin/logrotate.sh --r-xr--r-- 1 root root 2462 Aug 16 17:05 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:05 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:13 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:13 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:16 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:16 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:18 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:18 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:18 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:21 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 593 Aug 22 16:26 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:26 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:26 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:36 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:36 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:39 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:39 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 
+-rwxr-xr-x 1 root root 39369104 Aug 22 16:39 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:42 /usr/local/bin/bpftrace === Installed Packages Begin Listing... accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] @@ -811,10 +812,10 @@ ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] -vim/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] -vim-common/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] 
@@ -824,7 +825,7 @@ xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] -xxd/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] zip/bionic,now 3.0-11build1 amd64 [installed] zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] @@ -833,7 +834,7 @@ Disk usage: Filesystem Size Used Avail Use% Mounted on udev 56G 0 56G 0% /dev tmpfs 12G 760K 12G 1% /run -/dev/sdb1 29G 23G 6.1G 80% / +/dev/sdb1 29G 24G 5.9G 80% / tmpfs 56G 0 56G 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 56G 0 56G 0% /sys/fs/cgroup @@ -842,10 +843,10 @@ tmpfs 56G 0 56G 0% /sys/fs/cgroup tmpfs 12G 0 12G 0% /run/user/1000 Using kernel: Linux version 5.4.0-1112-azure (buildd@bos03-amd64-017) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #118~18.04.1-Ubuntu SMP Wed Jul 12 15:44:44 UTC 2023 -Install completed successfully on Wed Aug 16 17:41:26 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:02:31 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 18.04 Hyperv generation: V1 Feature flags: fullgpudaemon diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..d40f9cdb011 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "2004fipscontainerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..f660b3f737b --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2061 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) 
+============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ 
CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ 
avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 
0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0-trivy-report.json new file mode 100644 index 00000000000..eccd7d23706 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0-trivy-report.json 
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvm2sh49yncqc", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "20.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvm2sh49yncqc (ubuntu 20.04)", + "Class": "os-pkgs", + "Type": "ubuntu" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0.txt new file mode 100644 index 00000000000..1229e030d32 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/202308.22.0.txt 
@@ -0,0 +1,920 @@ +Starting build on Tue Aug 22 16:25:53 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 
19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:40 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:40 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:42 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:42 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:45 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:45 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:45 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:47 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... 
+accountsservice/focal-updates,focal-security,now 0.6.55-0ubuntu12~20.04.6 amd64 [installed,automatic] +acr-mirror/now 0.1.0 amd64 [installed,local] +adduser/focal,now 3.118ubuntu2 all [installed,automatic] +alsa-topology-conf/focal,now 1.2.2-1 all [installed,automatic] +alsa-ucm-conf/focal-updates,now 1.2.2-1ubuntu0.13 all [installed,automatic] +apparmor/focal-updates,now 2.13.3-7ubuntu5.2 amd64 [installed,automatic] +apt-transport-https/focal-updates,now 2.0.9 all [installed] +apt-utils/focal-updates,now 2.0.9 amd64 [installed,automatic] +apt/focal-updates,now 2.0.9 amd64 [installed,automatic] +at/focal,now 3.1.23-1ubuntu1 amd64 [installed] +attr/focal,now 1:2.4.48-5 amd64 [installed,automatic] +base-files/focal-updates,now 11ubuntu5.7 amd64 [installed] +base-passwd/focal,now 3.5.47 amd64 [installed] +bash-completion/focal,now 1:2.10-1ubuntu1 all [installed,automatic] +bash/focal-updates,focal-security,now 5.0-6ubuntu1.2 amd64 [installed] +bc/focal,now 1.07.1-2build1 amd64 [installed,automatic] +bcache-tools/focal-updates,now 1.0.8-3ubuntu0.1 amd64 [installed] +bind9-dnsutils/focal-updates,focal-security,now 1:9.16.1-0ubuntu2.15 amd64 [installed,automatic] +bind9-host/focal-updates,focal-security,now 1:9.16.1-0ubuntu2.15 amd64 [installed,automatic] +bind9-libs/focal-updates,focal-security,now 1:9.16.1-0ubuntu2.15 amd64 [installed,automatic] +binfmt-support/focal,now 2.2.0-2 amd64 [installed,automatic] +binutils-common/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +binutils-x86-64-linux-gnu/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +binutils/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +blobfuse/focal,now 1.4.5 amd64 [installed] +bolt/focal-updates,now 0.9.1-2~ubuntu20.04.2 amd64 [installed,automatic] +bsdmainutils/focal,now 11.1.2ubuntu3 amd64 [installed,automatic] +bsdutils/focal-updates,now 1:2.34-0.1ubuntu9.4 amd64 [installed,automatic] +btrfs-progs/focal,now 
5.4.1-2 amd64 [installed] +build-essential/focal-updates,now 12.8ubuntu1.1 amd64 [installed] +busybox-initramfs/focal-updates,focal-security,now 1:1.30.1-4ubuntu6.4 amd64 [installed,automatic] +busybox-static/focal-updates,focal-security,now 1:1.30.1-4ubuntu6.4 amd64 [installed,automatic] +byobu/focal,now 5.133-0ubuntu1 all [installed] +bzip2/focal,now 1.0.8-2 amd64 [installed,automatic] +ca-certificates/focal-updates,focal-security,now 20230311ubuntu0.20.04.1 all [installed] +ceph-common/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed] +cgroup-lite/focal,now 1.15 all [installed] +chrony/focal-updates,focal-security,now 3.5-6ubuntu6.2 amd64 [installed] +cifs-utils/focal-updates,focal-security,now 2:6.9-1ubuntu0.2 amd64 [installed] +cloud-guest-utils/focal,now 0.31-7-gd99b2d76-0ubuntu1 all [installed] +cloud-init/focal-updates,now 23.2.2-0ubuntu0~20.04.1 all [installed] +cloud-initramfs-copymods/focal-updates,now 0.45ubuntu2 all [installed] +cloud-initramfs-dyn-netconf/focal-updates,now 0.45ubuntu2 all [installed] +command-not-found/focal-updates,now 20.04.6 all [installed,automatic] +conntrack/focal,now 1:1.4.5-2 amd64 [installed] +console-setup-linux/focal,now 1.194ubuntu3 all [installed,automatic] +console-setup/focal,now 1.194ubuntu3 all [installed,automatic] +coreutils/focal,now 8.30-3ubuntu2 amd64 [installed,automatic] +cpio/focal-updates,focal-security,now 2.13+dfsg-2ubuntu0.3 amd64 [installed,automatic] +cpp-9/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +cpp/focal,now 4:9.3.0-1ubuntu2 amd64 [installed,automatic] +cracklib-runtime/focal,now 2.9.6-3.2 amd64 [installed] +crda/focal,now 3.18-1build1 amd64 [installed,automatic] +cron/focal,now 3.0pl1-136ubuntu1 amd64 [installed,automatic] +cryptsetup-bin/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 amd64 [installed,automatic] +cryptsetup-initramfs/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 all [installed,automatic] 
+cryptsetup-run/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 all [installed,automatic] +cryptsetup/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 amd64 [installed,automatic] +curl/focal-updates,focal-security,now 7.68.0-1ubuntu2.19 amd64 [installed] +dash/focal,now 0.5.10.2-6 amd64 [installed] +dbus-user-session/focal-updates,focal-security,now 1.12.16-2ubuntu2.3 amd64 [installed,automatic] +dbus/focal-updates,focal-security,now 1.12.16-2ubuntu2.3 amd64 [installed,automatic] +dconf-gsettings-backend/focal,now 0.36.0-1 amd64 [installed,automatic] +dconf-service/focal,now 0.36.0-1 amd64 [installed,automatic] +dctrl-tools/focal,now 2.24-3 amd64 [installed,automatic] +debconf-i18n/focal,now 1.5.73 all [installed,automatic] +debconf/focal,now 1.5.73 all [installed,automatic] +debianutils/focal,now 4.9.1 amd64 [installed,automatic] +diffutils/focal,now 1:3.7-3 amd64 [installed] +dirmngr/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed] +distro-info-data/focal-updates,now 0.43ubuntu1.13 all [installed,automatic] +distro-info/focal-updates,now 0.23ubuntu1.1 amd64 [installed,automatic] +dkms/focal-updates,now 2.8.1-5ubuntu2 all [installed] +dmeventd/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +dmidecode/focal,now 3.2-3 amd64 [installed,automatic] +dmsetup/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +dnsutils/focal-updates,focal-security,now 1:9.16.1-0ubuntu2.15 all [installed] +dosfstools/focal,now 4.1-2 amd64 [installed,automatic] +dpkg-dev/focal-updates,focal-security,now 1.19.7ubuntu3.2 all [installed,automatic] +dpkg/focal-updates,focal-security,now 1.19.7ubuntu3.2 amd64 [installed,automatic] +e2fsprogs/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +eatmydata/focal,now 105-7 all [installed] +ebtables/focal,now 2.0.11-3build1 amd64 [installed] +ed/focal,now 1.16-1 amd64 [installed,automatic] +efibootmgr/focal,now 17-1 amd64 [installed] +eject/focal,now 2.1.5+deb1+cvs20081104-14 
amd64 [installed,automatic] +ethtool/focal,now 1:5.4-1 amd64 [installed] +fdisk/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +file/focal,now 1:5.38-4 amd64 [installed,automatic] +finalrd/focal-updates,now 6~ubuntu20.04.1 all [installed,automatic] +findutils/focal,now 4.7.0-1ubuntu1 amd64 [installed] +fips-initramfs-generic/now 0.0.15+generic1 amd64 [installed,local] +fonts-ubuntu-console/focal,now 0.83-4ubuntu1 all [installed] +friendly-recovery/focal-updates,now 0.2.41ubuntu0.20.04.1 all [installed,automatic] +ftp/focal,now 0.17-34.1 amd64 [installed,automatic] +fuse/focal,now 2.9.9-3 amd64 [installed] +fwupd-signed/focal-updates,now 1.51.1~20.04.1+1.4-0ubuntu0.1 amd64 [installed,automatic] +fwupd/focal-updates,now 1.7.9-1~20.04.3 amd64 [installed] +g++-9/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +g++/focal,now 4:9.3.0-1ubuntu2 amd64 [installed,automatic] +gawk/focal,now 1:5.0.1+dfsg-1 amd64 [installed,automatic] +gcc-10-base/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +gcc-9-base/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +gcc-9/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +gcc/focal,now 4:9.3.0-1ubuntu2 amd64 [installed] +gdisk/focal,now 1.0.5-1 amd64 [installed,automatic] +gettext-base/focal,now 0.19.8.1-10build1 amd64 [installed,automatic] +gir1.2-glib-2.0/focal-updates,now 1.64.1-1~ubuntu20.04.1 amd64 [installed,automatic] +gir1.2-packagekitglib-1.0/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 [installed,automatic] +git-man/focal-updates,focal-security,now 1:2.25.1-1ubuntu3.11 all [installed,automatic] +git/focal-updates,focal-security,now 1:2.25.1-1ubuntu3.11 amd64 [installed] +glib-networking-common/focal-updates,focal-security,now 2.64.2-1ubuntu0.1 all [installed,automatic] +glib-networking-services/focal-updates,focal-security,now 2.64.2-1ubuntu0.1 amd64 
[installed,automatic] +glib-networking/focal-updates,focal-security,now 2.64.2-1ubuntu0.1 amd64 [installed,automatic] +glusterfs-client/focal,now 7.2-2build1 amd64 [installed] +glusterfs-common/focal,now 7.2-2build1 amd64 [installed,automatic] +gnupg-l10n/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 all [installed,automatic] +gnupg-utils/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gnupg/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 all [installed] +gpg-agent/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpg-wks-client/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpg-wks-server/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpg/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpgconf/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpgsm/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpgv/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +grep/focal,now 3.4-1 amd64 [installed] +groff-base/focal,now 1.22.4-4build1 amd64 [installed,automatic] +grub-common/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed,automatic] +grub-efi-amd64-bin/focal-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/focal-updates,now 1.187.3~20.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/focal,now 0.7 amd64 [installed,automatic] +grub-pc-bin/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed,automatic] +grub-pc/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed,automatic] +grub2-common/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed,automatic] +gsettings-desktop-schemas/focal,now 3.36.0-1ubuntu1 all [installed,automatic] +gzip/focal-updates,focal-security,now 1.10-0ubuntu4.1 amd64 [installed] +hdparm/focal,now 9.58+ds-4 amd64 [installed,automatic] +hostname/focal,now 3.23 
amd64 [installed] +htop/focal,now 2.2.0-2build1 amd64 [installed] +iftop/focal,now 1.0~pre4-6build1 amd64 [installed] +info/focal,now 6.7.0.dfsg.2-5 amd64 [installed,automatic] +init-system-helpers/focal,now 1.57 all [installed] +init/focal,now 1.57 amd64 [installed] +initramfs-tools-bin/focal-updates,now 0.136ubuntu6.7 amd64 [installed,automatic] +initramfs-tools-core/focal-updates,now 0.136ubuntu6.7 all [installed,automatic] +initramfs-tools/focal-updates,now 0.136ubuntu6.7 all [installed] +inotify-tools/focal,now 3.14-8 amd64 [installed] +install-info/focal,now 6.7.0.dfsg.2-5 amd64 [installed,automatic] +iotop/focal-updates,now 0.6-24-g733f3f8-1ubuntu0.1 amd64 [installed] +iproute2/focal,now 5.5.0-1ubuntu1 amd64 [installed] +ipset/focal-updates,now 7.5-1ubuntu0.20.04.1 amd64 [installed] +iptables/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed] +iputils-ping/focal,now 3:20190709-3 amd64 [installed,automatic] +iputils-tracepath/focal,now 3:20190709-3 amd64 [installed,automatic] +irqbalance/focal,now 1.6.0-3ubuntu1 amd64 [installed,automatic] +isc-dhcp-client/focal-updates,now 4.4.1-2.1ubuntu5.20.04.5 amd64 [installed,automatic] +isc-dhcp-common/focal-updates,now 4.4.1-2.1ubuntu5.20.04.5 amd64 [installed,automatic] +iso-codes/focal,now 4.4-1 all [installed,automatic] +iw/focal,now 5.4-1 amd64 [installed,automatic] +jq/focal-updates,now 1.6-1ubuntu0.20.04.1 amd64 [installed] +kbd/focal,now 2.0.4-4ubuntu2 amd64 [installed,automatic] +kcapi-tools/now 1.1.5-1fips1 amd64 [installed,local] +keyboard-configuration/focal,now 1.194ubuntu3 all [installed,automatic] +keyutils/focal-updates,now 1.6-6ubuntu1.1 amd64 [installed] +klibc-utils/focal-updates,focal-security,now 2.0.7-1ubuntu5.1 amd64 [installed,automatic] +kmod/focal-updates,now 27-1ubuntu2.1 amd64 [installed] +kpartx/focal-updates,focal-security,now 0.8.3-1ubuntu2.1 amd64 [installed,automatic] +krb5-locales/focal-updates,focal-security,now 1.17-6ubuntu4.3 all [installed,automatic] 
+landscape-common/focal-updates,now 19.12-0ubuntu4.3 amd64 [installed] +language-selector-common/focal-updates,now 0.204.2 all [installed,automatic] +less/focal-updates,now 551-1ubuntu0.1 amd64 [installed,automatic] +libaccountsservice0/focal-updates,focal-security,now 0.6.55-0ubuntu12~20.04.6 amd64 [installed,automatic] +libacl1/focal,now 2.2.53-6 amd64 [installed,automatic] +libaio1/focal,now 0.3.112-5 amd64 [installed,automatic] +libapparmor1/focal-updates,now 2.13.3-7ubuntu5.2 amd64 [installed,automatic] +libappstream4/focal,now 0.12.10-2 amd64 [installed,automatic] +libapt-pkg6.0/focal-updates,now 2.0.9 amd64 [installed,automatic] +libarchive13/focal-updates,focal-security,now 3.4.0-2ubuntu1.2 amd64 [installed,automatic] +libargon2-1/focal,now 0~20171227-0.2 amd64 [installed,automatic] +libasan5/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +libasn1-8-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libasound2-data/focal-updates,now 1.2.2-2.1ubuntu2.5 all [installed,automatic] +libasound2/focal-updates,now 1.2.2-2.1ubuntu2.5 amd64 [installed,automatic] +libassuan0/focal,now 2.5.3-7ubuntu2 amd64 [installed,automatic] +libatasmart4/focal,now 0.19-5 amd64 [installed,automatic] +libatm1/focal,now 1:2.5.1-4 amd64 [installed,automatic] +libatomic1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libattr1/focal,now 1:2.4.48-5 amd64 [installed,automatic] +libaudit-common/focal,now 1:2.8.5-2ubuntu6 all [installed,automatic] +libaudit1/focal,now 1:2.8.5-2ubuntu6 amd64 [installed,automatic] +libbabeltrace1/focal,now 1.5.8-1build1 amd64 [installed,automatic] +libbinutils/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +libblkid1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libblockdev-crypto2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-fs2/focal,now 2.23-2ubuntu3 amd64 
[installed,automatic] +libblockdev-loop2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-part-err2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-part2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-swap2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-utils2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libboost-context1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libboost-iostreams1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libboost-program-options1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libboost-thread1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libbrotli1/focal-updates,focal-security,now 1.0.7-6ubuntu0.1 amd64 [installed,automatic] +libbsd0/focal,now 0.10.0-1 amd64 [installed,automatic] +libbz2-1.0/focal,now 1.0.8-2 amd64 [installed,automatic] +libc-bin/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libc-dev-bin/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libc6-dev/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libc6/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libcanberra0/focal,now 0.30-7ubuntu1 amd64 [installed,automatic] +libcap-ng0/focal,now 0.7.9-2.1build1 amd64 [installed,automatic] +libcap2-bin/focal-updates,focal-security,now 1:2.32-1ubuntu0.1 amd64 [installed,automatic] +libcap2/focal-updates,focal-security,now 1:2.32-1ubuntu0.1 amd64 [installed,automatic] +libcbor0.6/focal,now 0.6.0-0ubuntu1 amd64 [installed,automatic] +libcc1-0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libcephfs2/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +libcom-err2/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +libcrack2/focal,now 2.9.6-3.2 amd64 [installed,automatic] +libcrypt-dev/focal,now 
1:4.4.10-10ubuntu4 amd64 [installed,automatic] +libcrypt1/focal,now 1:4.4.10-10ubuntu4 amd64 [installed,automatic] +libcryptsetup12/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 amd64 [installed,automatic] +libctf-nobfd0/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +libctf0/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +libcurl3-gnutls/focal-updates,focal-security,now 7.68.0-1ubuntu2.19 amd64 [installed,automatic] +libcurl4/focal-updates,focal-security,now 7.68.0-1ubuntu2.19 amd64 [installed,automatic] +libdb5.3/focal,now 5.3.28+dfsg1-0.6ubuntu2 amd64 [installed,automatic] +libdbus-1-3/focal-updates,focal-security,now 1.12.16-2ubuntu2.3 amd64 [installed,automatic] +libdconf1/focal,now 0.36.0-1 amd64 [installed,automatic] +libdebconfclient0/focal,now 0.251ubuntu1 amd64 [installed] +libdevmapper-event1.02.1/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +libdevmapper1.02.1/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +libdns-export1109/focal-updates,now 1:9.11.16+dfsg-3~ubuntu1 amd64 [installed,automatic] +libdpkg-perl/focal-updates,focal-security,now 1.19.7ubuntu3.2 all [installed,automatic] +libdrm-common/focal-updates,focal-security,now 2.4.107-8ubuntu1~20.04.2 all [installed,automatic] +libdrm2/focal-updates,focal-security,now 2.4.107-8ubuntu1~20.04.2 amd64 [installed,automatic] +libdw1/focal,now 0.176-1.1build1 amd64 [installed] +libeatmydata1/focal,now 105-7 amd64 [installed] +libedit2/focal,now 3.1-20191231-1 amd64 [installed,automatic] +libefiboot1/focal-updates,now 37-2ubuntu2.2 amd64 [installed,automatic] +libefivar1/focal-updates,now 37-2ubuntu2.2 amd64 [installed,automatic] +libelf1/focal,now 0.176-1.1build1 amd64 [installed,automatic] +liberror-perl/focal,now 0.17029-1 all [installed,automatic] +libestr0/focal,now 0.1.10-2.1 amd64 [installed,automatic] +libevent-2.1-7/focal,now 2.1.11-stable-1 amd64 [installed,automatic] 
+libexpat1/focal-updates,focal-security,now 2.2.9-1ubuntu0.6 amd64 [installed,automatic] +libext2fs2/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +libfastjson4/focal,now 0.99.8-2 amd64 [installed,automatic] +libfdisk1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libffi7/focal,now 3.3-4 amd64 [installed,automatic] +libfido2-1/focal,now 1.3.1-1ubuntu2 amd64 [installed,automatic] +libfl2/focal,now 2.6.4-6.2 amd64 [installed,automatic] +libfreetype6/focal-updates,focal-security,now 2.10.1-2ubuntu0.3 amd64 [installed,automatic] +libfribidi0/focal-updates,focal-security,now 1.0.8-2ubuntu0.1 amd64 [installed,automatic] +libfuse2/focal,now 2.9.9-3 amd64 [installed,automatic] +libfwupd2/focal-updates,now 1.7.9-1~20.04.3 amd64 [installed,automatic] +libfwupdplugin1/focal-updates,now 1.5.11-0ubuntu1~20.04.2 amd64 [installed] +libfwupdplugin5/focal-updates,now 1.7.9-1~20.04.3 amd64 [installed,automatic] +libgcab-1.0-0/focal,now 1.4-1 amd64 [installed,automatic] +libgcc-9-dev/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +libgcc-s1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libgcrypt20-hmac/now 1.8.5-5ubuntu1.fips.1.7 amd64 [installed,local] +libgcrypt20/now 1.8.5-5ubuntu1.fips.1.7 amd64 [installed,local] +libgdbm-compat4/focal,now 1.18.1-5 amd64 [installed,automatic] +libgdbm6/focal,now 1.18.1-5 amd64 [installed,automatic] +libgfapi0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgfchangelog0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgfrpc0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgfxdr0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgirepository-1.0-1/focal-updates,now 1.64.1-1~ubuntu20.04.1 amd64 [installed,automatic] +libglib2.0-0/focal-updates,focal-security,now 2.64.6-1~ubuntu20.04.6 amd64 [installed,automatic] +libglib2.0-bin/focal-updates,focal-security,now 2.64.6-1~ubuntu20.04.6 amd64 
[installed,automatic] +libglib2.0-data/focal-updates,focal-security,now 2.64.6-1~ubuntu20.04.6 all [installed,automatic] +libglusterfs0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgmp10/focal-updates,focal-security,now 2:6.2.0+dfsg-4ubuntu0.1 amd64 [installed,automatic] +libgnutls30/focal-updates,focal-security,now 3.6.13-2ubuntu1.8 amd64 [installed,automatic] +libgomp1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libgoogle-perftools4/focal,now 2.7-1ubuntu2 amd64 [installed,automatic] +libgpg-error0/focal,now 1.37-1 amd64 [installed,automatic] +libgpgme11/focal-updates,now 1.13.1-7ubuntu2.1 amd64 [installed,automatic] +libgpm2/focal,now 1.20.7-5 amd64 [installed,automatic] +libgssapi-krb5-2/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libgssapi3-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libgstreamer1.0-0/focal-updates,focal-security,now 1.16.3-0ubuntu1.1 amd64 [installed,automatic] +libgudev-1.0-0/focal,now 1:233-1 amd64 [installed,automatic] +libgusb2/focal,now 0.3.4-0.1 amd64 [installed,automatic] +libhcrypto4-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libheimbase1-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libheimntlm0-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libhogweed5/focal-updates,focal-security,now 3.5.1+really3.5.1-2ubuntu0.2 amd64 [installed,automatic] +libhx509-5-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libibverbs1/focal,now 28.0-1ubuntu1 amd64 [installed,automatic] +libicu66/focal-updates,focal-security,now 66.1-2ubuntu2.1 amd64 [installed,automatic] +libidn2-0/focal,now 2.2.0-2 amd64 [installed,automatic] +libinotifytools0/focal,now 3.14-8 amd64 [installed,automatic] +libip4tc2/focal-updates,now 1.8.4-3ubuntu2.1 amd64 
[installed,automatic] +libip6tc2/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed,automatic] +libipset13/focal-updates,now 7.5-1ubuntu0.20.04.1 amd64 [installed,automatic] +libisc-export1105/focal-updates,now 1:9.11.16+dfsg-3~ubuntu1 amd64 [installed,automatic] +libisl22/focal,now 0.22.1-1 amd64 [installed,automatic] +libisns0/focal,now 0.97-3 amd64 [installed,automatic] +libitm1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libjansson4/focal,now 2.12-1build1 amd64 [installed,automatic] +libjcat1/focal-updates,now 0.1.4-0ubuntu0.20.04.1 amd64 [installed,automatic] +libjq1/focal-updates,now 1.6-1ubuntu0.20.04.1 amd64 [installed,automatic] +libjson-c4/focal-updates,focal-security,now 0.13.1+dfsg-7ubuntu0.3 amd64 [installed,automatic] +libjson-glib-1.0-0/focal,now 1.4.4-2ubuntu2 amd64 [installed,automatic] +libjson-glib-1.0-common/focal,now 1.4.4-2ubuntu2 all [installed,automatic] +libk5crypto3/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libkcapi1/now 1.1.5-1fips1 amd64 [installed,local] +libkeyutils1/focal-updates,now 1.6-6ubuntu1.1 amd64 [installed,automatic] +libklibc/focal-updates,focal-security,now 2.0.7-1ubuntu5.1 amd64 [installed,automatic] +libkmod2/focal-updates,now 27-1ubuntu2.1 amd64 [installed,automatic] +libkrb5-26-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libkrb5-3/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libkrb5support0/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libksba8/focal-updates,focal-security,now 1.3.5-2ubuntu0.20.04.2 amd64 [installed,automatic] +libldap-2.4-2/focal-updates,focal-security,now 2.4.49+dfsg-2ubuntu1.9 amd64 [installed,automatic] +libldap-common/focal-updates,focal-security,now 2.4.49+dfsg-2ubuntu1.9 all [installed,automatic] +libleveldb1d/focal,now 1.22-3ubuntu2 amd64 [installed,automatic] +liblmdb0/focal,now 0.9.24-1 amd64 
[installed,automatic] +liblocale-gettext-perl/focal,now 1.07-4 amd64 [installed,automatic] +liblsan0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libltdl7/focal,now 2.4.6-14 amd64 [installed,automatic] +liblvm2cmd2.03/focal,now 2.03.07-1ubuntu1 amd64 [installed,automatic] +liblz4-1/focal-updates,focal-security,now 1.9.2-2ubuntu0.20.04.1 amd64 [installed,automatic] +liblzma5/focal-updates,focal-security,now 5.2.4-1ubuntu1.1 amd64 [installed,automatic] +liblzo2-2/focal,now 2.10-2 amd64 [installed,automatic] +libmagic-mgc/focal,now 1:5.38-4 amd64 [installed,automatic] +libmagic1/focal,now 1:5.38-4 amd64 [installed,automatic] +libmaxminddb0/focal-updates,focal-security,now 1.4.2-0ubuntu1.20.04.1 amd64 [installed,automatic] +libmbim-glib4/focal-updates,now 1.26.2-1~ubuntu20.04.1 amd64 [installed,automatic] +libmbim-proxy/focal-updates,now 1.26.2-1~ubuntu20.04.1 amd64 [installed,automatic] +libmm-glib0/focal-updates,now 1.18.6-1~ubuntu20.04.1 amd64 [installed,automatic] +libmnl0/focal,now 1.0.4-2 amd64 [installed,automatic] +libmount1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libmpc3/focal,now 1.1.0-1 amd64 [installed,automatic] +libmpdec2/focal,now 2.4.2-3 amd64 [installed,automatic] +libmpfr6/focal,now 4.0.2-1 amd64 [installed,automatic] +libncurses6/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed,automatic] +libncursesw6/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed,automatic] +libnetfilter-conntrack3/focal,now 1.0.7-2 amd64 [installed,automatic] +libnetplan0/focal-updates,now 0.104-0ubuntu2~20.04.2 amd64 [installed,automatic] +libnettle7/focal-updates,focal-security,now 3.5.1+really3.5.1-2ubuntu0.2 amd64 [installed,automatic] +libnewt0.52/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] +libnfnetlink0/focal,now 1.0.1-3build1 amd64 [installed,automatic] +libnfsidmap2/focal,now 0.25-5.1ubuntu1 amd64 [installed,automatic] +libnftables1/focal,now 0.9.3-2 amd64 
[installed,automatic] +libnftnl11/focal,now 1.1.5-1 amd64 [installed,automatic] +libnghttp2-14/focal-updates,focal-security,now 1.40.0-1ubuntu0.1 amd64 [installed,automatic] +libnl-3-200/focal-updates,now 3.4.0-1ubuntu0.1 amd64 [installed,automatic] +libnl-genl-3-200/focal-updates,now 3.4.0-1ubuntu0.1 amd64 [installed,automatic] +libnl-route-3-200/focal-updates,now 3.4.0-1ubuntu0.1 amd64 [installed,automatic] +libnpth0/focal,now 1.6-1 amd64 [installed,automatic] +libnspr4/focal,now 2:4.25-1 amd64 [installed,automatic] +libnss-systemd/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libnss3/focal-updates,focal-security,now 2:3.49.1-1ubuntu1.9 amd64 [installed,automatic] +libntfs-3g883/focal-updates,focal-security,now 1:2017.3.23AR.3-3ubuntu1.3 amd64 [installed,automatic] +libnuma1/focal,now 2.0.12-1 amd64 [installed,automatic] +liboath0/focal,now 2.6.1-1.3 amd64 [installed,automatic] +libogg0/focal,now 1.3.4-0ubuntu1 amd64 [installed,automatic] +libonig5/focal,now 6.9.4-1 amd64 [installed,automatic] +libp11-kit0/focal-updates,focal-security,now 0.23.20-1ubuntu0.1 amd64 [installed,automatic] +libpackagekit-glib2-18/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 [installed,automatic] +libpam-cap/focal-updates,focal-security,now 1:2.32-1ubuntu0.1 amd64 [installed,automatic] +libpam-modules-bin/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 amd64 [installed,automatic] +libpam-modules/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 amd64 [installed,automatic] +libpam-pwquality/focal,now 1.4.2-1build1 amd64 [installed] +libpam-runtime/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 all [installed,automatic] +libpam-systemd/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libpam0g/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 amd64 [installed,automatic] +libparted-fs-resize0/focal-updates,now 3.3-4ubuntu0.20.04.1 amd64 [installed,automatic] +libparted2/focal-updates,now 3.3-4ubuntu0.20.04.1 amd64 [installed,automatic] 
+libpcap0.8/focal,now 1.9.1-3 amd64 [installed,automatic] +libpci3/focal-updates,now 1:3.6.4-1ubuntu0.20.04.1 amd64 [installed,automatic] +libpcre2-8-0/focal-updates,focal-security,now 10.34-7ubuntu0.1 amd64 [installed,automatic] +libpcre3/focal-updates,focal-security,now 2:8.39-12ubuntu0.1 amd64 [installed,automatic] +libperl5.30/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 amd64 [installed,automatic] +libpipeline1/focal,now 1.5.2-2build1 amd64 [installed,automatic] +libplymouth5/focal-updates,now 0.9.4git20200323-0ubuntu6.2 amd64 [installed,automatic] +libpng16-16/focal,now 1.6.37-2 amd64 [installed,automatic] +libpolkit-agent-1-0/focal-updates,focal-security,now 0.105-26ubuntu1.3 amd64 [installed,automatic] +libpolkit-gobject-1-0/focal-updates,focal-security,now 0.105-26ubuntu1.3 amd64 [installed,automatic] +libpopt0/focal,now 1.16-14 amd64 [installed,automatic] +libprocps8/focal-updates,now 2:3.3.16-1ubuntu2.3 amd64 [installed,automatic] +libproxy1v5/focal-updates,focal-security,now 0.4.15-10ubuntu1.2 amd64 [installed,automatic] +libpsl5/focal,now 0.21.0-1ubuntu1 amd64 [installed,automatic] +libpwquality-common/focal,now 1.4.2-1build1 all [installed,automatic] +libpwquality-tools/focal,now 1.4.2-1build1 amd64 [installed] +libpwquality1/focal,now 1.4.2-1build1 amd64 [installed,automatic] +libpython2-stdlib/focal,now 2.7.17-2ubuntu4 amd64 [installed,automatic] +libpython2.7-minimal/now 2.7.18-1~20.04.3+esm1 amd64 [installed,local] +libpython2.7-stdlib/now 2.7.18-1~20.04.3+esm1 amd64 [installed,local] +libpython3-stdlib/focal,now 3.8.2-0ubuntu2 amd64 [installed,automatic] +libpython3.8-minimal/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +libpython3.8-stdlib/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +libpython3.8/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +libqmi-glib5/focal-updates,now 1.30.4-1~ubuntu20.04.1 amd64 
[installed,automatic] +libqmi-proxy/focal-updates,now 1.30.4-1~ubuntu20.04.1 amd64 [installed,automatic] +libquadmath0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +librabbitmq4/focal,now 0.10.0-1 amd64 [installed,automatic] +librados2/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +libradosstriper1/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +librbd1/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +librdmacm1/focal,now 28.0-1ubuntu1 amd64 [installed,automatic] +libreadline5/focal,now 5.2+dfsg-3build3 amd64 [installed,automatic] +libreadline8/focal,now 8.0-4 amd64 [installed,automatic] +libroken18-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +librtmp1/focal,now 2.4+20151223.gitfa8646d.1-2build1 amd64 [installed,automatic] +libsasl2-2/focal-updates,focal-security,now 2.1.27+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libsasl2-modules-db/focal-updates,focal-security,now 2.1.27+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libsasl2-modules/focal-updates,focal-security,now 2.1.27+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libseccomp2/focal-updates,focal-security,now 2.5.1-1ubuntu1~20.04.2 amd64 [installed,automatic] +libselinux1/focal,now 3.0-1build2 amd64 [installed,automatic] +libsemanage-common/focal,now 3.0-1build2 all [installed,automatic] +libsemanage1/focal,now 3.0-1build2 amd64 [installed,automatic] +libsensors-config/focal-updates,now 1:3.6.0-2ubuntu1.1 all [installed,automatic] +libsensors5/focal-updates,now 1:3.6.0-2ubuntu1.1 amd64 [installed,automatic] +libsepol1/focal-updates,focal-security,now 3.0-1ubuntu0.1 amd64 [installed,automatic] +libsgutils2-2/focal,now 1.44-1ubuntu2 amd64 [installed,automatic] +libsigsegv2/focal,now 2.12-2 amd64 [installed,automatic] +libslang2/focal,now 2.3.2-4 amd64 [installed,automatic] +libsmartcols1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] 
+libsmbios-c2/focal,now 2.4.3-1 amd64 [installed,automatic] +libsnappy1v5/focal,now 1.1.8-1build1 amd64 [installed,automatic] +libsodium23/focal,now 1.0.18-1 amd64 [installed] +libsoup2.4-1/focal,now 2.70.0-1 amd64 [installed,automatic] +libsqlite3-0/focal-updates,focal-security,now 3.31.1-4ubuntu0.5 amd64 [installed,automatic] +libss2/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +libssh-4/focal-updates,focal-security,now 0.9.3-2ubuntu2.3 amd64 [installed,automatic] +libssl1.1-hmac/now 1.1.1f-1ubuntu2.fips.19 amd64 [installed,local] +libssl1.1/now 1.1.1f-1ubuntu2.fips.19 amd64 [installed,local] +libstdc++-9-dev/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +libstdc++6/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libstemmer0d/focal,now 0+svn585-2 amd64 [installed,automatic] +libsysfs2/focal,now 2.1.0+repack-6 amd64 [installed,automatic] +libsystemd0/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libtalloc2/focal-updates,focal-security,now 2.3.3-0ubuntu0.20.04.1 amd64 [installed] +libtasn1-6/focal,now 4.16.0-2 amd64 [installed,automatic] +libtcmalloc-minimal4/focal,now 2.7-1ubuntu2 amd64 [installed,automatic] +libtdb1/focal-updates,focal-security,now 1.4.5-0ubuntu0.20.04.1 amd64 [installed,automatic] +libtevent0/focal-updates,focal-security,now 0.11.0-0ubuntu0.20.04.1 amd64 [installed] +libtext-charwidth-perl/focal,now 0.04-10 amd64 [installed,automatic] +libtext-iconv-perl/focal,now 1.7-7 amd64 [installed,automatic] +libtext-wrapi18n-perl/focal,now 0.06-9 all [installed,automatic] +libtinfo6/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed,automatic] +libtirpc-common/focal-updates,focal-security,now 1.2.5-1ubuntu0.1 all [installed,automatic] +libtirpc3/focal-updates,focal-security,now 1.2.5-1ubuntu0.1 amd64 [installed,automatic] +libtsan0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] 
+libtss2-esys0/focal-updates,now 2.3.2-1ubuntu0.20.04.1 amd64 [installed,automatic] +libubsan1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libuchardet0/focal,now 0.0.6-3build1 amd64 [installed,automatic] +libudev1/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libudisks2-0/focal-updates,now 2.8.4-1ubuntu2 amd64 [installed,automatic] +libunistring2/focal,now 0.9.10-2 amd64 [installed,automatic] +libunwind8/focal-updates,now 1.2.1-9ubuntu0.1 amd64 [installed,automatic] +liburcu6/focal,now 0.11.1-2 amd64 [installed,automatic] +libusb-1.0-0/focal,now 2:1.0.23-2build1 amd64 [installed,automatic] +libutempter0/focal,now 1.1.6-4 amd64 [installed,automatic] +libuuid1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libuv1/focal-updates,focal-security,now 1.34.2-1ubuntu1.3 amd64 [installed,automatic] +libvolume-key1/focal,now 0.3.12-3.1 amd64 [installed,automatic] +libvorbis0a/focal,now 1.3.6-2ubuntu1 amd64 [installed,automatic] +libvorbisfile3/focal,now 1.3.6-2ubuntu1 amd64 [installed,automatic] +libwbclient0/focal-updates,now 2:4.15.13+dfsg-0ubuntu0.20.04.4 amd64 [installed] +libwind0-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libwrap0/focal,now 7.6.q-30 amd64 [installed] +libx11-6/focal-updates,focal-security,now 2:1.6.9-2ubuntu1.5 amd64 [installed,automatic] +libx11-data/focal-updates,focal-security,now 2:1.6.9-2ubuntu1.5 all [installed,automatic] +libxau6/focal,now 1:1.0.9-0ubuntu1 amd64 [installed,automatic] +libxcb1/focal,now 1.14-2 amd64 [installed,automatic] +libxdmcp6/focal,now 1:1.1.3-0ubuntu1 amd64 [installed,automatic] +libxext6/focal,now 2:1.3.4-0ubuntu1 amd64 [installed,automatic] +libxml2/focal-updates,focal-security,now 2.9.10+dfsg-5ubuntu0.20.04.6 amd64 [installed,automatic] +libxmlb1/focal-updates,now 0.1.15-2ubuntu1~20.04.1 amd64 [installed] +libxmlb2/focal-updates,now 0.3.6-2build1~20.04.1 amd64 [installed,automatic] 
+libxmuu1/focal,now 2:1.1.3-0ubuntu1 amd64 [installed,automatic] +libxtables12/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed,automatic] +libyaml-0-2/focal,now 0.2.2-1 amd64 [installed,automatic] +libzstd1/focal-updates,focal-security,now 1.4.4+dfsg-3ubuntu0.1 amd64 [installed,automatic] +linux-azure-5.15-cloud-tools-5.15.0-1042/focal-updates,focal-security,now 5.15.0-1042.49~20.04.1 amd64 [installed] +linux-azure-5.15-headers-5.15.0-1042/focal-updates,focal-security,now 5.15.0-1042.49~20.04.1 all [installed] +linux-azure-5.15-tools-5.15.0-1042/focal-updates,focal-security,now 5.15.0-1042.49~20.04.1 amd64 [installed] +linux-azure-fips-cloud-tools-5.4.0-1112/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-azure-fips-headers-5.4.0-1112/now 5.4.0-1112.118+fips1 all [installed,local] +linux-azure-fips-tools-5.4.0-1112/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-azure-fips/now 5.4.0.1112.51 amd64 [installed,local] +linux-base-sgx/focal-updates,now 4.5ubuntu3.7 all [installed] +linux-base/focal-updates,now 4.5ubuntu3.7 all [installed,automatic] +linux-cloud-tools-5.15.0-1042-azure/focal-updates,focal-security,now 5.15.0-1042.49~20.04.1 amd64 [installed] +linux-cloud-tools-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-cloud-tools-azure-fips/now 5.4.0.1112.51 amd64 [installed,local] +linux-cloud-tools-azure/focal-updates,focal-security,now 5.15.0.1042.49~20.04.32 amd64 [installed] +linux-cloud-tools-common/focal-updates,focal-security,now 5.4.0-156.173 all [installed] +linux-headers-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-headers-azure-fips/now 5.4.0.1112.51 amd64 [installed,local] +linux-image-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-image-azure-fips/now 5.4.0.1112.51 amd64 [installed,local] +linux-image-hmac-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-libc-dev/focal-updates,focal-security,now 5.4.0-156.173 
amd64 [installed,automatic] +linux-modules-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-modules-extra-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-tools-5.15.0-1042-azure/focal-updates,focal-security,now 5.15.0-1042.49~20.04.1 amd64 [installed] +linux-tools-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-tools-azure-fips/now 5.4.0.1112.51 amd64 [installed,local] +linux-tools-azure/focal-updates,focal-security,now 5.15.0.1042.49~20.04.32 amd64 [installed] +linux-tools-common/focal-updates,focal-security,now 5.4.0-156.173 all [installed] +locales/focal-updates,now 2.31-0ubuntu9.9 all [installed,automatic] +login/focal-updates,focal-security,now 1:4.8.1-1ubuntu5.20.04.4 amd64 [installed,automatic] +logrotate/focal,now 3.14.0-4ubuntu3 amd64 [installed,automatic] +logsave/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +lsb-base/focal,now 11.1.0ubuntu2 all [installed,automatic] +lsb-release/focal,now 11.1.0ubuntu2 all [installed,automatic] +lshw/focal-updates,now 02.18.85-0.3ubuntu2.20.04.1 amd64 [installed,automatic] +lsof/focal-updates,now 4.93.2+dfsg-1ubuntu0.20.04.1 amd64 [installed,automatic] +lsscsi/focal,now 0.30-0.1 amd64 [installed] +ltrace/focal,now 0.7.3-6.1ubuntu1 amd64 [installed,automatic] +lvm2/focal,now 2.03.07-1ubuntu1 amd64 [installed] +lxd-agent-loader/focal,now 0.4 all [installed] +lz4/focal-updates,focal-security,now 1.9.2-2ubuntu0.20.04.1 amd64 [installed,automatic] +make/focal,now 4.2.1-1.2 amd64 [installed] +man-db/focal,now 2.9.1-1 amd64 [installed,automatic] +manpages/focal,now 5.05-1 all [installed,automatic] +mawk/focal,now 1.3.4.20200120-2 amd64 [installed,automatic] +mdadm/focal-updates,now 4.1-5ubuntu1.2 amd64 [installed] +mime-support/focal,now 3.64ubuntu1 all [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu20.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu20.04u1] 
+moby-runc/testing,focal,now 1.1.7+azure-ubuntu20.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu20.04u1] +modemmanager/focal-updates,now 1.18.6-1~ubuntu20.04.1 amd64 [installed,automatic] +mokutil/focal-updates,now 0.6.0-2~20.04.1 amd64 [installed] +motd-news-config/focal-updates,now 11ubuntu5.7 all [installed] +mount/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed] +mtr-tiny/focal,now 0.93-1 amd64 [installed,automatic] +multipath-tools/focal-updates,focal-security,now 0.8.3-1ubuntu2.1 amd64 [installed] +nano/focal,now 4.8-1ubuntu1 amd64 [installed,automatic] +ncurses-base/focal-updates,focal-security,now 6.2-0ubuntu2.1 all [installed] +ncurses-bin/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed] +ncurses-term/focal-updates,focal-security,now 6.2-0ubuntu2.1 all [installed] +netbase/focal,now 6.1 all [installed,automatic] +netcat-openbsd/focal,now 1.206-1ubuntu1 amd64 [installed,automatic] +netcat/focal,now 1.206-1ubuntu1 all [installed] +netplan.io/focal-updates,now 0.104-0ubuntu2~20.04.2 amd64 [installed,automatic] +networkd-dispatcher/focal-updates,focal-security,now 2.1-2~ubuntu20.04.3 all [installed,automatic] +nfs-common/focal-updates,now 1:1.3.4-2.5ubuntu3.4 amd64 [installed] +nftables/focal,now 0.9.3-2 amd64 [installed] +ntfs-3g/focal-updates,focal-security,now 1:2017.3.23AR.3-3ubuntu1.3 amd64 [installed,automatic] +nvme-cli/focal-updates,now 1.9-1ubuntu0.1 amd64 [installed] +open-iscsi/focal-updates,focal-security,now 2.0.874-7.1ubuntu6.4 amd64 [installed] +openssh-client/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] +openssh-server/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] +openssh-sftp-server/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] +openssl/now 1.1.1f-1ubuntu2.fips.19 amd64 [installed,local] +os-prober/focal,now 1.74ubuntu2 amd64 [installed,automatic] +overlayroot/focal-updates,now 0.45ubuntu2 all [installed] +packagekit-tools/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 
[installed,automatic] +packagekit/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 [installed,automatic] +packages-microsoft-prod/focal,now 1.0-ubuntu20.04.1 all [installed] +parted/focal-updates,now 3.3-4ubuntu0.20.04.1 amd64 [installed,automatic] +passwd/focal-updates,focal-security,now 1:4.8.1-1ubuntu5.20.04.4 amd64 [installed,automatic] +pastebinit/focal,now 1.5.1-1 all [installed,automatic] +patch/focal,now 2.7.6-6 amd64 [installed] +pci.ids/focal,now 0.0~2020.03.20-1 all [installed,automatic] +pciutils/focal-updates,now 1:3.6.4-1ubuntu0.20.04.1 amd64 [installed,automatic] +perl-base/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 amd64 [installed,automatic] +perl-modules-5.30/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 all [installed,automatic] +perl/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 amd64 [installed,automatic] +pigz/focal,now 2.4-1 amd64 [installed] +pinentry-curses/focal,now 1.1.0-3build1 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/focal-updates,now 0.9.4git20200323-0ubuntu6.2 amd64 [installed,automatic] +plymouth/focal-updates,now 0.9.4git20200323-0ubuntu6.2 amd64 [installed,automatic] +policykit-1/focal-updates,focal-security,now 0.105-26ubuntu1.3 amd64 [installed,automatic] +pollinate/focal-updates,now 4.33-3ubuntu1.20.04.1 all [installed] +popularity-contest/focal,now 1.69ubuntu1 all [installed,automatic] +powermgmt-base/focal,now 1.36 all [installed,automatic] +procps/focal-updates,now 2:3.3.16-1ubuntu2.3 amd64 [installed,automatic] +psmisc/focal,now 23.3-1 amd64 [installed,automatic] +publicsuffix/focal,now 20200303.0012-1 all [installed,automatic] +python-apt-common/focal-updates,now 2.0.1ubuntu0.20.04.1 all [installed,automatic] +python-is-python2/focal,now 2.7.17-4 all [installed] +python2-minimal/focal,now 2.7.17-2ubuntu4 amd64 [installed,automatic] +python2.7-minimal/now 2.7.18-1~20.04.3+esm1 amd64 [installed,local] +python2.7/now 2.7.18-1~20.04.3+esm1 amd64 [installed,local] +python2/focal,now 
2.7.17-2ubuntu4 amd64 [installed,automatic] +python3-apt/focal-updates,now 2.0.1ubuntu0.20.04.1 amd64 [installed,automatic] +python3-attr/focal,now 19.3.0-2 all [installed,automatic] +python3-automat/focal,now 0.8.0-1ubuntu1 all [installed,automatic] +python3-blinker/focal,now 1.4+dfsg1-0.3ubuntu1 all [installed,automatic] +python3-ceph-argparse/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +python3-ceph-common/focal-updates,now 15.2.17-0ubuntu0.20.04.4 all [installed,automatic] +python3-cephfs/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +python3-certifi/focal,now 2019.11.28-1 all [installed,automatic] +python3-cffi-backend/focal,now 1.14.0-1build1 amd64 [installed,automatic] +python3-chardet/focal,now 3.0.4-4build1 all [installed,automatic] +python3-click/focal,now 7.0-3 all [installed,automatic] +python3-colorama/focal,now 0.4.3-1build1 all [installed,automatic] +python3-commandnotfound/focal-updates,now 20.04.6 all [installed,automatic] +python3-configobj/focal,now 5.0.6-4 all [installed,automatic] +python3-constantly/focal,now 15.1.0-1build1 all [installed,automatic] +python3-cryptography/focal-updates,focal-security,now 2.8-3ubuntu0.1 amd64 [installed,automatic] +python3-dbus/focal,now 1.2.16-1build1 amd64 [installed,automatic] +python3-debconf/focal,now 1.5.73 all [installed,automatic] +python3-debian/focal-updates,now 0.1.36ubuntu1.1 all [installed,automatic] +python3-distro-info/focal-updates,now 0.23ubuntu1.1 all [installed,automatic] +python3-distro/focal,now 1.4.0-1 all [installed,automatic] +python3-distupgrade/focal-updates,now 1:20.04.41 all [installed,automatic] +python3-distutils/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04 all [installed] +python3-entrypoints/focal,now 0.3-2ubuntu1 all [installed,automatic] +python3-gdbm/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04 amd64 [installed,automatic] +python3-gi/focal,now 3.36.0-1 amd64 [installed,automatic] +python3-hamcrest/focal,now 
1.9.0-3 all [installed,automatic] +python3-httplib2/focal,now 0.14.0-1ubuntu1 all [installed,automatic] +python3-hyperlink/focal,now 19.0.0-1 all [installed,automatic] +python3-idna/focal,now 2.8-1 all [installed,automatic] +python3-importlib-metadata/focal,now 1.5.0-1 all [installed] +python3-incremental/focal,now 16.10.1-3.2 all [installed,automatic] +python3-jinja2/focal,now 2.10.1-2 all [installed] +python3-json-pointer/focal,now 2.0-0ubuntu1 all [installed] +python3-jsonpatch/focal,now 1.23-3 all [installed] +python3-jsonschema/focal,now 3.2.0-0ubuntu2 all [installed] +python3-jwt/focal-updates,focal-security,now 1.7.1-2ubuntu2.1 all [installed,automatic] +python3-keyring/focal,now 18.0.1-2ubuntu1 all [installed,automatic] +python3-launchpadlib/focal,now 1.10.13-1 all [installed,automatic] +python3-lazr.restfulclient/focal,now 0.14.2-2build1 all [installed,automatic] +python3-lazr.uri/focal,now 1.0.3-4build1 all [installed,automatic] +python3-lib2to3/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04 all [installed] +python3-markupsafe/focal,now 1.1.0-1build2 amd64 [installed] +python3-minimal/focal,now 3.8.2-0ubuntu2 amd64 [installed,automatic] +python3-more-itertools/focal,now 4.2.0-1build1 all [installed] +python3-nacl/focal,now 1.3.0-5 amd64 [installed] +python3-netifaces/focal,now 0.10.4-1ubuntu4 amd64 [installed,automatic] +python3-newt/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] +python3-oauthlib/focal,now 3.1.0-1ubuntu2 all [installed,automatic] +python3-openssl/focal,now 19.0.0-1build1 all [installed,automatic] +python3-parted/focal,now 3.11.2-11.1build1 amd64 [installed] +python3-pexpect/focal,now 4.6.0-1build1 all [installed,automatic] +python3-pkg-resources/focal-updates,focal-security,now 45.2.0-1ubuntu0.1 all [installed,automatic] +python3-prettytable/focal,now 0.7.2-5 all [installed,automatic] +python3-ptyprocess/focal,now 0.6.0-1ubuntu1 all [installed,automatic] +python3-pyasn1-modules/focal,now 0.2.1-0.2build1 all 
[installed,automatic] +python3-pyasn1/focal,now 0.4.2-3build1 all [installed,automatic] +python3-pymacaroons/focal,now 0.13.0-3 all [installed] +python3-pyrsistent/focal,now 0.15.5-1build1 amd64 [installed] +python3-rados/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +python3-rbd/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +python3-requests-unixsocket/focal,now 0.2.0-2 all [installed,automatic] +python3-requests/focal-updates,focal-security,now 2.22.0-2ubuntu1.1 all [installed,automatic] +python3-secretstorage/focal,now 2.3.1-2ubuntu1 all [installed,automatic] +python3-serial/focal,now 3.4-5.1 all [installed] +python3-service-identity/focal,now 18.1.0-5build1 all [installed,automatic] +python3-setuptools/focal-updates,focal-security,now 45.2.0-1ubuntu0.1 all [installed] +python3-simplejson/focal,now 3.16.0-2ubuntu2 amd64 [installed,automatic] +python3-six/focal,now 1.14.0-2 all [installed,automatic] +python3-software-properties/focal-updates,now 0.99.9.11 all [installed,automatic] +python3-twisted-bin/focal-updates,focal-security,now 18.9.0-11ubuntu0.20.04.2 amd64 [installed,automatic] +python3-twisted/focal-updates,focal-security,now 18.9.0-11ubuntu0.20.04.2 all [installed,automatic] +python3-update-manager/focal-updates,now 1:20.04.10.11 all [installed,automatic] +python3-urllib3/focal-updates,focal-security,now 1.25.8-2ubuntu0.2 all [installed,automatic] +python3-wadllib/focal,now 1.3.3-3build1 all [installed,automatic] +python3-yaml/focal-updates,focal-security,now 5.3.1-1ubuntu0.1 amd64 [installed,automatic] +python3-zipp/focal,now 1.0.0-1 all [installed] +python3-zope.interface/focal,now 4.7.1-1 amd64 [installed,automatic] +python3.8-minimal/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +python3.8/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +python3/focal,now 3.8.2-0ubuntu2 amd64 [installed,automatic] +readline-common/focal,now 
8.0-4 all [installed,automatic] +rng-tools/focal,now 5-1ubuntu2 amd64 [installed] +rpcbind/focal,now 1.2.5-8 amd64 [installed,automatic] +rsync/focal-updates,focal-security,now 3.1.3-8ubuntu0.5 amd64 [installed,automatic] +rsyslog/focal-updates,focal-security,now 8.2001.0-1ubuntu1.3 amd64 [installed,automatic] +run-one/focal,now 1.17-0ubuntu1 all [installed,automatic] +sbsigntool/focal-updates,now 0.9.2-2ubuntu1.1 amd64 [installed,automatic] +screen/focal-updates,focal-security,now 4.8.0-1ubuntu0.1 amd64 [installed] +secureboot-db/focal,now 1.5 amd64 [installed,automatic] +sed/focal,now 4.7-1 amd64 [installed,automatic] +sensible-utils/focal,now 0.0.12+nmu1 all [installed,automatic] +sg3-utils-udev/focal,now 1.44-1ubuntu2 all [installed,automatic] +sg3-utils/focal,now 1.44-1ubuntu2 amd64 [installed,automatic] +shared-mime-info/focal,now 1.15-1 amd64 [installed,automatic] +shim-signed/focal-security,now 1.40.7+15.4-0ubuntu9 amd64 [installed,upgradable to: 1.40.9+15.7-0ubuntu1] +socat/focal,now 1.7.3.3-2 amd64 [installed] +software-properties-common/focal-updates,now 0.99.9.11 all [installed] +sosreport/focal-updates,now 4.5.6-0ubuntu1~20.04.1 amd64 [installed] +sound-theme-freedesktop/focal,now 0.8-2ubuntu1 all [installed,automatic] +ssh-import-id/focal,now 5.10-0ubuntu1 all [installed] +strace/focal-updates,now 5.5-3ubuntu1 amd64 [installed,automatic] +sudo/focal-updates,focal-security,now 1.8.31-1ubuntu1.5 amd64 [installed,automatic] +sysfsutils/focal,now 2.1.0+repack-6 amd64 [installed] +sysstat/focal-updates,focal-security,now 12.2.0-2ubuntu0.3 amd64 [installed] +systemd-sysv/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +systemd/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +sysvinit-utils/focal,now 2.96-2.1ubuntu1 amd64 [installed] +tar/focal-updates,focal-security,now 1.30+dfsg-7ubuntu0.20.04.3 amd64 [installed,automatic] +tcpdump/focal-updates,now 4.9.3-4ubuntu0.2 amd64 [installed,automatic] +telnet/focal,now 
0.17-41.2build1 amd64 [installed,automatic] +thin-provisioning-tools/focal,now 0.8.5-4build1 amd64 [installed,automatic] +time/focal,now 1.7-25.1build1 amd64 [installed,automatic] +tmux/focal-updates,focal-security,now 3.0a-2ubuntu0.4 amd64 [installed] +tpm-udev/focal,now 0.4 all [installed,automatic] +traceroute/focal,now 1:2.1.0-2 amd64 [installed] +tzdata/focal-updates,now 2023c-0ubuntu0.20.04.2 all [installed,automatic] +ubuntu-advantage-tools/focal-updates,now 28.1~20.04 amd64 [installed,automatic] +ubuntu-azure-fips/now 1.2.5+updates1 amd64 [installed,local] +ubuntu-keyring/focal-updates,now 2020.02.11.4 all [installed,automatic] +ubuntu-minimal/focal-updates,now 1.450.2 amd64 [installed] +ubuntu-release-upgrader-core/focal-updates,now 1:20.04.41 all [installed,automatic] +ubuntu-standard/focal-updates,now 1.450.2 amd64 [installed] +ucf/focal,now 3.0038+nmu1 all [installed,automatic] +udev/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +udisks2/focal-updates,now 2.8.4-1ubuntu2 amd64 [installed,automatic] +ufw/focal-updates,now 0.36-6ubuntu1.1 all [installed,automatic] +unattended-upgrades/focal-updates,now 2.3ubuntu0.3 all [installed,automatic] +update-manager-core/focal-updates,now 1:20.04.10.11 all [installed,automatic] +update-notifier-common/focal-updates,now 3.192.30.17 all [installed] +usb-modeswitch-data/focal,now 20191128-3 all [installed,automatic] +usb-modeswitch/focal,now 2.5.2+repack0-2ubuntu3 amd64 [installed,automatic] +usb.ids/focal,now 2020.03.19-1 all [installed,automatic] +usbutils/focal,now 1:012-2 amd64 [installed,automatic] +util-linux/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed] +uuid-runtime/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +vim-common/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 all [installed,automatic] +vim-runtime/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 all [installed,automatic] +vim-tiny/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 
[installed,automatic] +vim/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 [installed] +walinuxagent/focal-updates,now 2.2.46-0ubuntu1.2 amd64 [installed] +wget/focal-updates,now 1.20.3-1ubuntu2 amd64 [installed,automatic] +whiptail/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] +wireless-regdb/focal-updates,focal-security,now 2022.06.06-0ubuntu1~20.04.1 all [installed,automatic] +xauth/focal,now 1:1.1-0ubuntu1 amd64 [installed,automatic] +xdg-user-dirs/focal,now 0.17-2ubuntu1 amd64 [installed,automatic] +xfsprogs/focal,now 5.3.0-1ubuntu2 amd64 [installed] +xkb-data/focal,now 2.29-2 all [installed,automatic] +xxd/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 [installed,automatic] +xz-utils/focal-updates,focal-security,now 5.2.4-1ubuntu1.1 amd64 [installed] +zip/focal,now 3.0-11build1 amd64 [installed] +zlib1g/focal-updates,focal-security,now 1:1.2.11.dfsg-2ubuntu1.5 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +/dev/root 29G 22G 7.0G 76% / +devtmpfs 3.4G 0 3.4G 0% /dev +tmpfs 3.4G 0 3.4G 0% /dev/shm +tmpfs 694M 1.1M 693M 1% /run +tmpfs 5.0M 0 5.0M 0% /run/lock +tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup +/dev/sda15 105M 6.1M 99M 6% /boot/efi +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 694M 0 694M 0% /run/user/1000 +Using kernel: +Linux version 5.4.0-1112-azure-fips (buildd@lcy02-amd64-096) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #118+fips1-Ubuntu SMP Tue Jul 11 20:33:01 UTC 2023 +Install completed successfully on Tue Aug 22 17:15:08 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 20.04 +Hyperv generation: V1 +Feature flags: None +Container runtime: containerd +FIPS enabled: True +=== os-release Begin +NAME="Ubuntu" +VERSION="20.04.6 LTS (Focal Fossa)" +ID=ubuntu +ID_LIKE=debian +PRETTY_NAME="Ubuntu 20.04.6 LTS" +VERSION_ID="20.04" 
+HOME_URL="https://www.ubuntu.com/" +SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +VERSION_CODENAME=focal +UBUNTU_CODENAME=focal +=== os-release End diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-image-list.json index fa807189a05..d40f9cdb011 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "2004fipscontainerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ 
@@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ 
@@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-trivy-images-table.txt index 46520a27395..f660b3f737b 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
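Review bot: All three HIGH findings now reported for `azure-cns:v1.4.44.3` have a fixed package version listed (`curl` and `curl-libs` at `8.2.1-1.cm2` for CVE-2023-28319, `nghttp2` at `1.46.0-3.cm2` for CVE-2023-35945), yet the image tag is the same as in the previous release, so this VHD still carries the unpatched packages. The same rows are added in the `azure-cns:v1.4.44.4` and `azure-cns:v1.5.5` hunks that follow. Because the tags did not move, the new curl rows presumably come from a refreshed scanner database rather than from a change to the images. Rebuilding these images on a current Mariner base, or recording a tracked exception with the release, would close this out.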
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -354,11 +352,6 @@ Total: 4 (HIGH: 4, CRITICAL: 0) │ │ │ │ │ │ │ └──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ -mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) -======================================================================== -Total: 0 (HIGH: 0, CRITICAL: 0) - - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) ============================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) @@ -533,22 +526,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
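Review bot: The scan section for `mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1` is removed from the table in the `@@ -354,11 +352,6 @@` hunk, but the image appears to still be in this SKU's BOM. The `latest-image-list.json` hunk in this commit keeps id `sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce` as unchanged context, and the Mariner list tags that id as this image. Other images with `Total: 0 (HIGH: 0, CRITICAL: 0)` are still listed, so a clean result alone does not explain the omission. It is worth confirming whether the scan of this image failed or was skipped during the build, and having the report generator record a skipped image explicitly rather than drop it.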
@@ -558,152 +551,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-trivy-report.json index 7fa9c2c419a..eccd7d23706 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvm3tt4qfkn7a", + "ArtifactName": "pkrvm2sh49yncqc", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvm3tt4qfkn7a (ubuntu 20.04)", + "Target": "pkrvm2sh49yncqc (ubuntu 20.04)", "Class": "os-pkgs", "Type": "ubuntu" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest.txt index 12986125851..1229e030d32 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2004fipscontainerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:09:28 UTC 2023 +Starting build on Tue Aug 22 16:25:53 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -130,16 +131,16 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:09 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:09 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:22 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:22 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:26 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:26 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:28 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:28 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:28 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:30 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:40 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:40 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:42 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:42 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:45 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:45 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:45 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:47 
/usr/local/bin/bpftrace === Installed Packages Begin Listing... accountsservice/focal-updates,focal-security,now 0.6.55-0ubuntu12~20.04.6 amd64 [installed,automatic] @@ -693,9 +694,9 @@ nftables/focal,now 0.9.3-2 amd64 [installed] ntfs-3g/focal-updates,focal-security,now 1:2017.3.23AR.3-3ubuntu1.3 amd64 [installed,automatic] nvme-cli/focal-updates,now 1.9-1ubuntu0.1 amd64 [installed] open-iscsi/focal-updates,focal-security,now 2.0.874-7.1ubuntu6.4 amd64 [installed] -openssh-client/now 1:8.2p1-4ubuntu0.fips.0.8 amd64 [installed,local] -openssh-server/now 1:8.2p1-4ubuntu0.fips.0.8 amd64 [installed,local] -openssh-sftp-server/now 1:8.2p1-4ubuntu0.fips.0.8 amd64 [installed,local] +openssh-client/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] +openssh-server/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] +openssh-sftp-server/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] openssl/now 1.1.1f-1ubuntu2.fips.19 amd64 [installed,local] os-prober/focal,now 1.74ubuntu2 amd64 [installed,automatic] overlayroot/focal-updates,now 0.45ubuntu2 all [installed] @@ -826,7 +827,7 @@ shared-mime-info/focal,now 1.15-1 amd64 [installed,automatic] shim-signed/focal-security,now 1.40.7+15.4-0ubuntu9 amd64 [installed,upgradable to: 1.40.9+15.7-0ubuntu1] socat/focal,now 1.7.3.3-2 amd64 [installed] software-properties-common/focal-updates,now 0.99.9.11 all [installed] -sosreport/focal-updates,now 4.4-1ubuntu0.20.04.1 amd64 [installed] +sosreport/focal-updates,now 4.5.6-0ubuntu1~20.04.1 amd64 [installed] sound-theme-freedesktop/focal,now 0.8-2ubuntu1 all [installed,automatic] ssh-import-id/focal,now 5.10-0ubuntu1 all [installed] strace/focal-updates,now 5.5-3ubuntu1 amd64 [installed,automatic] 
@@ -864,10 +865,10 @@ usb.ids/focal,now 2020.03.19-1 all [installed,automatic] usbutils/focal,now 1:012-2 amd64 [installed,automatic] util-linux/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed] uuid-runtime/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] -vim-common/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.16 all [installed,automatic] -vim-runtime/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.16 all [installed,automatic] -vim-tiny/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.16 amd64 [installed,automatic] -vim/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.16 amd64 [installed] +vim-common/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 all [installed,automatic] +vim-runtime/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 all [installed,automatic] +vim-tiny/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 [installed,automatic] +vim/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 [installed] walinuxagent/focal-updates,now 2.2.46-0ubuntu1.2 amd64 [installed] wget/focal-updates,now 1.20.3-1ubuntu2 amd64 [installed,automatic] whiptail/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] 
@@ -876,14 +877,14 @@ xauth/focal,now 1:1.1-0ubuntu1 amd64 [installed,automatic] xdg-user-dirs/focal,now 0.17-2ubuntu1 amd64 [installed,automatic] xfsprogs/focal,now 5.3.0-1ubuntu2 amd64 [installed] xkb-data/focal,now 2.29-2 all [installed,automatic] -xxd/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.16 amd64 [installed,automatic] +xxd/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 [installed,automatic] xz-utils/focal-updates,focal-security,now 5.2.4-1ubuntu1.1 amd64 [installed] zip/focal,now 3.0-11build1 amd64 [installed] zlib1g/focal-updates,focal-security,now 1:1.2.11.dfsg-2ubuntu1.5 amd64 [installed,automatic] === Installed Packages End Disk usage: Filesystem Size Used Avail Use% Mounted on -/dev/root 29G 22G 7.2G 76% / +/dev/root 29G 22G 7.0G 76% / devtmpfs 3.4G 0 3.4G 0% /dev tmpfs 3.4G 0 3.4G 0% /dev/shm tmpfs 694M 1.1M 693M 1% /run @@ -894,10 +895,10 @@ tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup tmpfs 694M 0 694M 0% /run/user/1000 Using kernel: Linux version 5.4.0-1112-azure-fips (buildd@lcy02-amd64-096) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #118+fips1-Ubuntu SMP Tue Jul 11 20:33:01 UTC 2023 -Install completed successfully on Wed Aug 16 17:54:49 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:15:08 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 20.04 Hyperv generation: V1 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..9202b3240e2 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "2204containerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0-trivy-report.json new file mode 100644 index 00000000000..3613af1ae0f --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0-trivy-report.json 
@@ -0,0 +1,4636 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmuspp79yus1", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "22.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmuspp79yus1 (ubuntu 22.04)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in 
batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + 
"https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in 
batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + 
"https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + } + ] + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0.txt new file mode 100644 index 00000000000..9c679cca098 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/202308.22.0.txt 
@@ -0,0 +1,897 @@ +Starting build on Tue Aug 22 16:25:34 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 
19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:32 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:32 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:35 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:35 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:38 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:38 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:38 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:39 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... 
+acr-mirror/now 0.1.0 amd64 [installed,local] +adduser/jammy,now 3.118ubuntu5 all [installed,automatic] +apparmor/jammy-updates,now 3.0.4-2ubuntu2.2 amd64 [installed,automatic] +apt-transport-https/jammy-updates,now 2.4.10 all [installed] +apt-utils/jammy-updates,now 2.4.10 amd64 [installed,automatic] +apt/jammy-updates,now 2.4.10 amd64 [installed,automatic] +attr/jammy,now 1:2.5.1-1build1 amd64 [installed,automatic] +base-files/jammy-updates,now 12ubuntu4.4 amd64 [installed] +base-passwd/jammy,now 3.5.52build1 amd64 [installed] +bash-completion/jammy,now 1:2.11-5ubuntu1 all [installed,automatic] +bash/jammy,now 5.1-6ubuntu1 amd64 [installed] +bc/jammy,now 1.07.1-3build1 amd64 [installed,automatic] +bcache-tools/jammy,now 1.0.8-4ubuntu3 amd64 [installed] +bind9-dnsutils/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 amd64 [installed,automatic] +bind9-host/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 amd64 [installed,automatic] +bind9-libs/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 amd64 [installed,automatic] +binutils-common/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +binutils-x86-64-linux-gnu/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +binutils/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +blobfuse2/jammy,now 2.0.5 amd64 [installed] +bolt/jammy,now 0.9.2-1 amd64 [installed] +bsdextrautils/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +bsdutils/jammy,now 1:2.37.2-4ubuntu3 amd64 [installed] +btrfs-progs/jammy,now 5.16.2-1 amd64 [installed] +build-essential/jammy,now 12.9ubuntu3 amd64 [installed] +busybox-initramfs/jammy,now 1:1.30.1-7ubuntu3 amd64 [installed,automatic] +busybox-static/jammy,now 1:1.30.1-7ubuntu3 amd64 [installed,automatic] +byobu/jammy,now 5.133-1 all [installed] +bzip2/jammy,now 1.0.8-5build1 amd64 [installed,automatic] +ca-certificates/jammy-updates,jammy-security,now 20230311ubuntu0.22.04.1 all 
[installed] +ceph-common/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed] +cgroup-lite/jammy,now 1.15 all [installed] +chrony/jammy,now 4.2-2ubuntu2 amd64 [installed] +cifs-utils/jammy-updates,jammy-security,now 2:6.14-1ubuntu0.1 amd64 [installed] +cloud-guest-utils/jammy,now 0.32-22-g45fe84a5-0ubuntu1 all [installed] +cloud-init/jammy-updates,now 23.2.2-0ubuntu0~22.04.1 all [installed] +cloud-initramfs-copymods/jammy,now 0.47ubuntu1 all [installed] +cloud-initramfs-dyn-netconf/jammy,now 0.47ubuntu1 all [installed] +command-not-found/jammy,now 22.04.0 all [installed,automatic] +conntrack/jammy,now 1:1.4.6-2build2 amd64 [installed] +console-setup-linux/jammy,now 1.205ubuntu3 all [installed,automatic] +console-setup/jammy,now 1.205ubuntu3 all [installed,automatic] +coreutils/jammy,now 8.32-4.1ubuntu1 amd64 [installed,automatic] +cpio/jammy,now 2.13+dfsg-7 amd64 [installed,automatic] +cpp-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +cpp-12/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +cpp/jammy,now 4:11.2.0-1ubuntu1 amd64 [installed,automatic] +cracklib-runtime/jammy,now 2.9.6-3.4build4 amd64 [installed] +cron/jammy,now 3.0pl1-137ubuntu3 amd64 [installed,automatic] +cryptsetup-bin/jammy-updates,now 2:2.4.3-1ubuntu1.1 amd64 [installed,automatic] +cryptsetup-initramfs/jammy-updates,now 2:2.4.3-1ubuntu1.1 all [installed,automatic] +cryptsetup/jammy-updates,now 2:2.4.3-1ubuntu1.1 amd64 [installed,automatic] +curl/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed] +dash/jammy,now 0.5.11+git20210903+057cd650a4ed-3build1 amd64 [installed] +dbus-user-session/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 amd64 [installed,automatic] +dbus/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 amd64 [installed,automatic] +dctrl-tools/jammy,now 2.24-3build2 amd64 [installed,automatic] +debconf-i18n/jammy,now 1.5.79ubuntu1 all [installed,automatic] +debconf/jammy,now 
1.5.79ubuntu1 all [installed,automatic] +debianutils/jammy,now 5.5-1ubuntu2 amd64 [installed,automatic] +diffutils/jammy,now 1:3.8-0ubuntu2 amd64 [installed] +dirmngr/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed] +distro-info-data/jammy-updates,now 0.52ubuntu0.4 all [installed,automatic] +distro-info/jammy-updates,now 1.1ubuntu0.1 amd64 [installed,automatic] +dkms/jammy-updates,now 2.8.7-2ubuntu2.2 all [installed] +dmeventd/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +dmidecode/jammy-updates,now 3.3-3ubuntu0.1 amd64 [installed,automatic] +dmsetup/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +dnsutils/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 all [installed] +dosfstools/jammy,now 4.2-1build3 amd64 [installed,automatic] +dpkg-dev/jammy-updates,now 1.21.1ubuntu2.2 all [installed,automatic] +dpkg/jammy-updates,now 1.21.1ubuntu2.2 amd64 [installed,automatic] +e2fsprogs/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +eatmydata/jammy,now 130-2build1 all [installed] +ebtables/jammy,now 2.0.11-4build2 amd64 [installed] +ed/jammy,now 1.18-1 amd64 [installed,automatic] +efibootmgr/jammy,now 17-1ubuntu2 amd64 [installed] +eject/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +ethtool/jammy,now 1:5.16-1 amd64 [installed] +fdisk/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +file/jammy,now 1:5.41-3 amd64 [installed,automatic] +finalrd/jammy,now 9build1 all [installed,automatic] +findutils/jammy,now 4.8.0-1ubuntu3 amd64 [installed] +fonts-ubuntu-console/jammy,now 0.83-6ubuntu1 all [installed] +friendly-recovery/jammy,now 0.2.42 all [installed,automatic] +ftp/jammy,now 20210827-4build1 all [installed,automatic] +fuse3/jammy,now 3.10.5-1build1 amd64 [installed] +fwupd-signed/jammy-updates,now 1.51.1~22.04.1+1.4-0ubuntu0.1 amd64 [installed] +g++-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +g++/jammy,now 4:11.2.0-1ubuntu1 
amd64 [installed,automatic] +gawk/jammy,now 1:5.1.0-1build3 amd64 [installed,automatic] +gcc-11-base/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc-12-base/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc-12/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc/jammy,now 4:11.2.0-1ubuntu1 amd64 [installed] +gdisk/jammy,now 1.0.8-4build1 amd64 [installed,automatic] +gettext-base/jammy,now 0.21-4ubuntu4 amd64 [installed,automatic] +gir1.2-glib-2.0/jammy,now 1.72.0-1 amd64 [installed,automatic] +gir1.2-packagekitglib-1.0/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +git-man/jammy-updates,now 1:2.34.1-1ubuntu1.10 all [installed,automatic] +git/jammy-updates,now 1:2.34.1-1ubuntu1.10 amd64 [installed] +glusterfs-client/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed] +glusterfs-common/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +gnupg-l10n/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed,automatic] +gnupg-utils/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gnupg/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed] +gpg-agent/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpg-wks-client/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpg-wks-server/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpg/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpgconf/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpgsm/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpgv/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +grep/jammy,now 
3.7-1build1 amd64 [installed] +groff-base/jammy,now 1.22.4-8build1 amd64 [installed,automatic] +grub-common/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +grub-efi-amd64-bin/jammy-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/jammy-updates,now 1.187.3~22.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/jammy,now 0.7 amd64 [installed,automatic] +grub-pc-bin/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +grub-pc/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +grub2-common/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +gzip/jammy-updates,now 1.10-4ubuntu4.1 amd64 [installed] +hdparm/jammy,now 9.60+ds-1build3 amd64 [installed,automatic] +hostname/jammy,now 3.23ubuntu2 amd64 [installed] +htop/jammy,now 3.0.5-7build2 amd64 [installed] +iftop/jammy,now 1.0~pre4-7 amd64 [installed] +info/jammy,now 6.8-4build1 amd64 [installed,automatic] +init-system-helpers/jammy,now 1.62 all [installed] +init/jammy,now 1.62 amd64 [installed] +initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.4 amd64 [installed,automatic] +initramfs-tools-core/jammy-updates,now 0.140ubuntu13.4 all [installed,automatic] +initramfs-tools/jammy-updates,now 0.140ubuntu13.4 all [installed] +inotify-tools/jammy,now 3.22.1.0-2 amd64 [installed] +install-info/jammy,now 6.8-4build1 amd64 [installed,automatic] +iotop/jammy-updates,now 0.6-24-g733f3f8-1.1ubuntu0.1 amd64 [installed] +iproute2/jammy,now 5.15.0-1ubuntu2 amd64 [installed] +ipset/jammy,now 7.15-1build1 amd64 [installed] +iptables/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed] +iputils-ping/jammy,now 3:20211215-1 amd64 [installed,automatic] +iputils-tracepath/jammy,now 3:20211215-1 amd64 [installed,automatic] +irqbalance/jammy,now 1.8.0-1build1 amd64 [installed,automatic] +isc-dhcp-client/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed,automatic] +isc-dhcp-common/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed,automatic] 
+iso-codes/jammy,now 4.9.0-1 all [installed,automatic] +jq/jammy,now 1.6-2.1ubuntu3 amd64 [installed] +kbd/jammy-updates,now 2.3.0-3ubuntu4.22.04 amd64 [installed,automatic] +keyboard-configuration/jammy,now 1.205ubuntu3 all [installed,automatic] +keyutils/jammy,now 1.6.1-2ubuntu3 amd64 [installed] +klibc-utils/jammy,now 2.0.10-4 amd64 [installed,automatic] +kmod/jammy,now 29-1ubuntu1 amd64 [installed] +kpartx/jammy-updates,jammy-security,now 0.8.8-1ubuntu1.22.04.1 amd64 [installed,automatic] +landscape-common/jammy,now 19.12-0ubuntu13 amd64 [installed] +less/jammy-updates,jammy-security,now 590-1ubuntu0.22.04.1 amd64 [installed,automatic] +libacl1/jammy,now 2.3.1-1 amd64 [installed,automatic] +libaio1/jammy,now 0.3.112-13build1 amd64 [installed,automatic] +libapparmor1/jammy-updates,now 3.0.4-2ubuntu2.2 amd64 [installed,automatic] +libappstream4/jammy,now 0.15.2-2 amd64 [installed,automatic] +libapt-pkg6.0/jammy-updates,now 2.4.10 amd64 [installed,automatic] +libarchive13/jammy,now 3.6.0-1ubuntu1 amd64 [installed] +libargon2-1/jammy,now 0~20171227-0.3 amd64 [installed,automatic] +libasan6/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libasan8/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libassuan0/jammy,now 2.5.5-1build1 amd64 [installed,automatic] +libatasmart4/jammy,now 0.19-5build2 amd64 [installed] +libatm1/jammy,now 1:2.5.1-4build2 amd64 [installed,automatic] +libatomic1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libattr1/jammy,now 1:2.5.1-1build1 amd64 [installed,automatic] +libaudit-common/jammy,now 1:3.0.7-1build1 all [installed,automatic] +libaudit1/jammy,now 1:3.0.7-1build1 amd64 [installed,automatic] +libbabeltrace1/jammy,now 1.5.8-2build1 amd64 [installed,automatic] +libbinutils/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +libblkid1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] 
+libblockdev-crypto2/jammy,now 2.26-1 amd64 [installed] +libblockdev-fs2/jammy,now 2.26-1 amd64 [installed] +libblockdev-loop2/jammy,now 2.26-1 amd64 [installed] +libblockdev-part-err2/jammy,now 2.26-1 amd64 [installed] +libblockdev-part2/jammy,now 2.26-1 amd64 [installed] +libblockdev-swap2/jammy,now 2.26-1 amd64 [installed] +libblockdev-utils2/jammy,now 2.26-1 amd64 [installed] +libblockdev2/jammy,now 2.26-1 amd64 [installed] +libboost-context1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-filesystem1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-iostreams1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-program-options1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-thread1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libbpf0/jammy-updates,jammy-security,now 1:0.5.0-1ubuntu22.04.1 amd64 [installed,automatic] +libbrotli1/jammy,now 1.0.9-2build6 amd64 [installed,automatic] +libbsd0/jammy,now 0.11.5-1 amd64 [installed,automatic] +libbz2-1.0/jammy,now 1.0.8-5build1 amd64 [installed,automatic] +libc-bin/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libc-dev-bin/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libc6-dev/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libc6/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libcap-ng0/jammy,now 0.7.9-2.2build3 amd64 [installed,automatic] +libcap2-bin/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 amd64 [installed,automatic] +libcap2/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 amd64 [installed,automatic] +libcbor0.8/jammy,now 0.8.0-2ubuntu1 amd64 [installed,automatic] +libcc1-0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libcephfs2/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +libcom-err2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] 
+libcrack2/jammy,now 2.9.6-3.4build4 amd64 [installed,automatic] +libcrypt-dev/jammy,now 1:4.4.27-1 amd64 [installed,automatic] +libcrypt1/jammy,now 1:4.4.27-1 amd64 [installed,automatic] +libcryptsetup12/jammy-updates,now 2:2.4.3-1ubuntu1.1 amd64 [installed,automatic] +libctf-nobfd0/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +libctf0/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +libcurl3-gnutls/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed,automatic] +libcurl4/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed,automatic] +libdaxctl1/jammy,now 72.1-1 amd64 [installed,automatic] +libdb5.3/jammy,now 5.3.28+dfsg1-0.8ubuntu3 amd64 [installed,automatic] +libdbus-1-3/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 amd64 [installed,automatic] +libdebconfclient0/jammy,now 0.261ubuntu1 amd64 [installed] +libdevmapper-event1.02.1/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +libdevmapper1.02.1/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +libdns-export1110/jammy,now 1:9.11.19+dfsg-2.1ubuntu3 amd64 [installed,automatic] +libdpkg-perl/jammy-updates,now 1.21.1ubuntu2.2 all [installed,automatic] +libdrm-common/jammy-updates,now 2.4.113-2~ubuntu0.22.04.1 all [installed,automatic] +libdrm2/jammy-updates,now 2.4.113-2~ubuntu0.22.04.1 amd64 [installed,automatic] +libdw1/jammy,now 0.186-1build1 amd64 [installed,automatic] +libeatmydata1/jammy,now 130-2build1 amd64 [installed] +libedit2/jammy,now 3.1-20210910-1build1 amd64 [installed,automatic] +libefiboot1/jammy,now 37-6ubuntu2 amd64 [installed] +libefivar1/jammy,now 37-6ubuntu2 amd64 [installed] +libelf1/jammy,now 0.186-1build1 amd64 [installed,automatic] +liberror-perl/jammy,now 0.17029-1 all [installed,automatic] +libestr0/jammy,now 0.1.10-2.1build3 amd64 [installed,automatic] +libevent-core-2.1-7/jammy,now 2.1.12-stable-1build3 amd64 [installed,automatic] 
+libexpat1/jammy-updates,jammy-security,now 2.4.7-1ubuntu0.2 amd64 [installed,automatic] +libext2fs2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +libfastjson4/jammy,now 0.99.9-1build2 amd64 [installed,automatic] +libfdisk1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libffi8/jammy,now 3.4.2-4 amd64 [installed,automatic] +libfido2-1/jammy,now 1.10.0-1 amd64 [installed,automatic] +libflashrom1/jammy,now 1.2-5build1 amd64 [installed] +libfreetype6/jammy-updates,jammy-security,now 2.11.1+dfsg-1ubuntu0.2 amd64 [installed,automatic] +libfribidi0/jammy-updates,jammy-security,now 1.0.8-2ubuntu3.1 amd64 [installed,automatic] +libftdi1-2/jammy,now 1.5-5build3 amd64 [installed] +libfuse3-3/jammy,now 3.10.5-1build1 amd64 [installed,automatic] +libfwupd2/jammy-updates,now 1.7.9-1~22.04.3 amd64 [installed] +libfwupdplugin5/jammy-updates,now 1.7.9-1~22.04.3 amd64 [installed] +libgcab-1.0-0/jammy,now 1.4-3build2 amd64 [installed] +libgcc-11-dev/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgcc-12-dev/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgcc-s1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgcrypt20/jammy,now 1.9.4-3ubuntu3 amd64 [installed,automatic] +libgdbm-compat4/jammy,now 1.23-1 amd64 [installed,automatic] +libgdbm6/jammy,now 1.23-1 amd64 [installed,automatic] +libgfapi0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgfchangelog0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgfrpc0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgfxdr0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgirepository-1.0-1/jammy,now 1.72.0-1 amd64 [installed,automatic] +libglib2.0-0/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 amd64 [installed,automatic] 
+libglib2.0-bin/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 amd64 [installed,automatic] +libglib2.0-data/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 all [installed,automatic] +libglusterd0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libglusterfs0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgmp10/jammy,now 2:6.2.1+dfsg-3ubuntu1 amd64 [installed,automatic] +libgnutls30/jammy-updates,jammy-security,now 3.7.3-4ubuntu1.2 amd64 [installed,automatic] +libgomp1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgoogle-perftools4/jammy,now 2.9.1-0ubuntu3 amd64 [installed,automatic] +libgpg-error0/jammy,now 1.43-3 amd64 [installed,automatic] +libgpgme11/jammy-updates,now 1.16.0-1.2ubuntu4.1 amd64 [installed] +libgpm2/jammy,now 1.20.7-10build1 amd64 [installed,automatic] +libgssapi-krb5-2/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libgstreamer1.0-0/jammy-updates,now 1.20.3-0ubuntu1 amd64 [installed,automatic] +libgudev-1.0-0/jammy,now 1:237-2build1 amd64 [installed] +libgusb2/jammy,now 0.3.10-1 amd64 [installed] +libhogweed6/jammy,now 3.7.3-1build2 amd64 [installed,automatic] +libibverbs1/jammy,now 39.0-1 amd64 [installed,automatic] +libicu70/jammy,now 70.1-2 amd64 [installed,automatic] +libidn2-0/jammy,now 2.3.2-2build1 amd64 [installed,automatic] +libinih1/jammy,now 53-1ubuntu3 amd64 [installed,automatic] +libinotifytools0/jammy,now 3.22.1.0-2 amd64 [installed,automatic] +libintl-perl/jammy,now 1.26-3build2 all [installed,automatic] +libintl-xs-perl/jammy,now 1.26-3build2 amd64 [installed,automatic] +libip4tc2/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed,automatic] +libip6tc2/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed,automatic] +libipset13/jammy,now 7.15-1build1 amd64 [installed,automatic] +libisc-export1105/jammy,now 1:9.11.19+dfsg-2.1ubuntu3 amd64 [installed,automatic] +libisl23/jammy,now 0.24-2build1 amd64 
[installed,automatic] +libisns0/jammy,now 0.101-0ubuntu2 amd64 [installed,automatic] +libitm1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libjansson4/jammy,now 2.13.1-1.1build3 amd64 [installed,automatic] +libjcat1/jammy,now 0.1.9-1 amd64 [installed] +libjq1/jammy,now 1.6-2.1ubuntu3 amd64 [installed,automatic] +libjson-c5/jammy-updates,now 0.15-3~ubuntu1.22.04.1 amd64 [installed,automatic] +libjson-glib-1.0-0/jammy,now 1.6.6-1build1 amd64 [installed] +libjson-glib-1.0-common/jammy,now 1.6.6-1build1 all [installed] +libk5crypto3/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libkeyutils1/jammy,now 1.6.1-2ubuntu3 amd64 [installed,automatic] +libklibc/jammy,now 2.0.10-4 amd64 [installed,automatic] +libkmod2/jammy,now 29-1ubuntu1 amd64 [installed,automatic] +libkrb5-3/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libkrb5support0/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libksba8/jammy-updates,jammy-security,now 1.6.0-2ubuntu0.2 amd64 [installed,automatic] +libldap-2.5-0/jammy-updates,now 2.5.16+dfsg-0ubuntu0.22.04.1 amd64 [installed,automatic] +libldap-common/jammy-updates,now 2.5.16+dfsg-0ubuntu0.22.04.1 all [installed,automatic] +liblmdb0/jammy,now 0.9.24-1build2 amd64 [installed,automatic] +liblocale-gettext-perl/jammy,now 1.07-4build3 amd64 [installed,automatic] +liblsan0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +liblua5.3-0/jammy,now 5.3.6-1build1 amd64 [installed,automatic] +liblvm2cmd2.03/jammy,now 2.03.11-2.1ubuntu4 amd64 [installed,automatic] +liblz4-1/jammy,now 1.9.3-2build2 amd64 [installed,automatic] +liblzma5/jammy,now 5.2.5-2ubuntu1 amd64 [installed,automatic] +liblzo2-2/jammy,now 2.10-2build3 amd64 [installed,automatic] +libmagic-mgc/jammy,now 1:5.41-3 amd64 [installed,automatic] +libmagic1/jammy,now 1:5.41-3 amd64 [installed,automatic] +libmaxminddb0/jammy,now 1.5.2-1build2 amd64 [installed,automatic] 
+libmbim-glib4/jammy-updates,now 1.28.0-1~ubuntu20.04.1 amd64 [installed] +libmbim-proxy/jammy-updates,now 1.28.0-1~ubuntu20.04.1 amd64 [installed] +libmd0/jammy,now 1.0.4-1build1 amd64 [installed,automatic] +libmm-glib0/jammy-updates,now 1.20.0-1~ubuntu22.04.2 amd64 [installed] +libmnl0/jammy,now 1.0.4-3build2 amd64 [installed,automatic] +libmodule-find-perl/jammy,now 0.15-1 all [installed,automatic] +libmodule-scandeps-perl/jammy,now 1.31-1 all [installed,automatic] +libmount1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libmpc3/jammy,now 1.2.1-2build1 amd64 [installed,automatic] +libmpdec3/jammy,now 2.5.1-2build2 amd64 [installed,automatic] +libmpfr6/jammy,now 4.1.0-3build3 amd64 [installed,automatic] +libncurses6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed,automatic] +libncursesw6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed,automatic] +libndctl6/jammy,now 72.1-1 amd64 [installed,automatic] +libnetfilter-conntrack3/jammy,now 1.0.9-1 amd64 [installed,automatic] +libnetplan0/jammy-updates,now 0.105-0ubuntu2~22.04.3 amd64 [installed,automatic] +libnettle8/jammy,now 3.7.3-1build2 amd64 [installed,automatic] +libnewt0.52/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] +libnfnetlink0/jammy,now 1.0.1-3build3 amd64 [installed,automatic] +libnfsidmap1/jammy-updates,now 1:2.6.1-1ubuntu1.2 amd64 [installed,automatic] +libnftables1/jammy-updates,now 1.0.2-1ubuntu3 amd64 [installed,automatic] +libnftnl11/jammy,now 1.2.1-1build1 amd64 [installed,automatic] +libnghttp2-14/jammy,now 1.43.0-1build3 amd64 [installed,automatic] +libnl-3-200/jammy,now 3.5.0-0.1 amd64 [installed,automatic] +libnl-genl-3-200/jammy,now 3.5.0-0.1 amd64 [installed,automatic] +libnl-route-3-200/jammy,now 3.5.0-0.1 amd64 [installed,automatic] +libnpth0/jammy,now 1.6-3build2 amd64 [installed,automatic] +libnsl-dev/jammy,now 1.3.0-2build2 amd64 [installed,automatic] +libnsl2/jammy,now 1.3.0-2build2 amd64 [installed,automatic] +libnspr4/jammy,now 
2:4.32-3build1 amd64 [installed] +libnss-systemd/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libnss3/jammy-updates,jammy-security,now 2:3.68.2-0ubuntu1.2 amd64 [installed] +libntfs-3g89/jammy-updates,jammy-security,now 1:2021.8.22-3ubuntu1.2 amd64 [installed,automatic] +libnuma1/jammy,now 2.0.14-3ubuntu2 amd64 [installed,automatic] +liboath0/jammy,now 2.6.7-3build1 amd64 [installed,automatic] +libonig5/jammy,now 6.9.7.1-2build1 amd64 [installed,automatic] +libopeniscsiusr/jammy,now 2.1.5-1ubuntu1 amd64 [installed,automatic] +libp11-kit0/jammy,now 0.24.0-6build1 amd64 [installed,automatic] +libpackagekit-glib2-18/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +libpam-cap/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 amd64 [installed,automatic] +libpam-modules-bin/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 amd64 [installed,automatic] +libpam-modules/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 amd64 [installed,automatic] +libpam-pwquality/jammy,now 1.4.4-1build2 amd64 [installed] +libpam-runtime/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 all [installed,automatic] +libpam-systemd/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libpam0g/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 amd64 [installed,automatic] +libparted-fs-resize0/jammy,now 3.4-2build1 amd64 [installed] +libparted2/jammy,now 3.4-2build1 amd64 [installed,automatic] +libpcap0.8/jammy,now 1.10.1-4build1 amd64 [installed,automatic] +libpci3/jammy,now 1:3.7.0-6 amd64 [installed,automatic] +libpcre2-8-0/jammy-updates,jammy-security,now 10.39-3ubuntu0.1 amd64 [installed,automatic] +libpcre3/jammy-updates,jammy-security,now 2:8.39-13ubuntu0.22.04.1 amd64 [installed,automatic] +libperl5.34/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 amd64 [installed,automatic] +libpipeline1/jammy,now 1.5.5-1 amd64 [installed,automatic] +libplymouth5/jammy,now 0.9.5+git20211018-1ubuntu3 amd64 [installed,automatic] +libpmem1/jammy,now 
1.11.1-3build1 amd64 [installed,automatic] +libpmemobj1/jammy,now 1.11.1-3build1 amd64 [installed,automatic] +libpng16-16/jammy,now 1.6.37-3build5 amd64 [installed,automatic] +libpolkit-agent-1-0/jammy,now 0.105-33 amd64 [installed,automatic] +libpolkit-gobject-1-0/jammy,now 0.105-33 amd64 [installed,automatic] +libpopt0/jammy,now 1.18-3build1 amd64 [installed,automatic] +libproc-processtable-perl/jammy,now 0.634-1build1 amd64 [installed,automatic] +libprocps8/jammy,now 2:3.3.17-6ubuntu2 amd64 [installed,automatic] +libpsl5/jammy,now 0.21.0-1.2build2 amd64 [installed,automatic] +libpwquality-common/jammy,now 1.4.4-1build2 all [installed,automatic] +libpwquality-tools/jammy,now 1.4.4-1build2 amd64 [installed] +libpwquality1/jammy,now 1.4.4-1build2 amd64 [installed,automatic] +libpython3-stdlib/jammy-updates,jammy-security,now 3.10.6-1~22.04 amd64 [installed,automatic] +libpython3.10-minimal/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +libpython3.10-stdlib/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +libpython3.10/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +libqmi-glib5/jammy-updates,now 1.32.0-1ubuntu0.22.04.1 amd64 [installed] +libqmi-proxy/jammy-updates,now 1.32.0-1ubuntu0.22.04.1 amd64 [installed] +libquadmath0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +librabbitmq4/jammy,now 0.10.0-1ubuntu2 amd64 [installed,automatic] +librados2/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +libradosstriper1/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +librbd1/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +librdmacm1/jammy,now 39.0-1 amd64 [installed,automatic] +libreadline8/jammy,now 8.1.2-1 amd64 [installed,automatic] +librtmp1/jammy,now 2.4+20151223.gitfa8646d.1-2build4 amd64 [installed,automatic] +libsasl2-2/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 amd64 
[installed,automatic] +libsasl2-modules-db/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 amd64 [installed,automatic] +libsasl2-modules/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 amd64 [installed,automatic] +libseccomp2/jammy,now 2.5.3-2ubuntu2 amd64 [installed,automatic] +libselinux1/jammy,now 3.3-1build2 amd64 [installed,automatic] +libsemanage-common/jammy,now 3.3-1build2 all [installed,automatic] +libsemanage2/jammy,now 3.3-1build2 amd64 [installed,automatic] +libsensors-config/jammy,now 1:3.6.0-7ubuntu1 all [installed,automatic] +libsensors5/jammy,now 1:3.6.0-7ubuntu1 amd64 [installed,automatic] +libsepol2/jammy,now 3.3-1build1 amd64 [installed,automatic] +libsgutils2-2/jammy,now 1.46-1build1 amd64 [installed,automatic] +libsigsegv2/jammy,now 2.13-1ubuntu3 amd64 [installed,automatic] +libslang2/jammy,now 2.3.2-5build4 amd64 [installed,automatic] +libsmartcols1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libsmbios-c2/jammy,now 2.4.3-1build1 amd64 [installed] +libsnappy1v5/jammy,now 1.1.8-1build3 amd64 [installed,automatic] +libsodium23/jammy,now 1.0.18-1build2 amd64 [installed,automatic] +libsort-naturally-perl/jammy,now 1.03-2 all [installed,automatic] +libsqlite3-0/jammy-updates,jammy-security,now 3.37.2-2ubuntu0.1 amd64 [installed,automatic] +libss2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +libssh-4/jammy-updates,jammy-security,now 0.9.6-2ubuntu0.22.04.1 amd64 [installed,automatic] +libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.10 amd64 [installed,automatic] +libstdc++-11-dev/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libstdc++6/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libstemmer0d/jammy,now 2.2.0-1build1 amd64 [installed,automatic] +libsysfs2/jammy,now 2.1.1-1build1 amd64 [installed,automatic] +libsystemd0/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libtalloc2/jammy,now 2.3.3-2build1 amd64 [installed] 
+libtasn1-6/jammy,now 4.18.0-4build1 amd64 [installed,automatic] +libtcl8.6/jammy,now 8.6.12+dfsg-1build1 amd64 [installed] +libtcmalloc-minimal4/jammy,now 2.9.1-0ubuntu3 amd64 [installed,automatic] +libterm-readkey-perl/jammy,now 2.38-1build4 amd64 [installed,automatic] +libtevent0/jammy,now 0.11.0-1build1 amd64 [installed] +libtext-charwidth-perl/jammy,now 0.04-10build3 amd64 [installed,automatic] +libtext-iconv-perl/jammy,now 1.7-7build3 amd64 [installed,automatic] +libtext-wrapi18n-perl/jammy,now 0.06-9 all [installed,automatic] +libtinfo6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed,automatic] +libtirpc-common/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 all [installed,automatic] +libtirpc-dev/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 amd64 [installed,automatic] +libtirpc3/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 amd64 [installed,automatic] +libtsan0/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libtsan2/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libtss2-esys-3.0.2-0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-mu0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-rc0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-sys1/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-cmd0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-device0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-mssim0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-swtpm0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libubsan1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libuchardet0/jammy,now 0.0.7-1build2 amd64 [installed,automatic] +libudev1/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libudisks2-0/jammy,now 2.9.4-1ubuntu2 amd64 [installed] +libunistring2/jammy,now 1.0-1 amd64 [installed,automatic] +libunwind8/jammy-updates,now 1.3.2-2build2.1 amd64 [installed,automatic] 
+liburcu8/jammy,now 0.13.1-1 amd64 [installed,automatic] +libusb-1.0-0/jammy-updates,now 2:1.0.25-1ubuntu2 amd64 [installed,automatic] +libutempter0/jammy,now 1.2.1-2build2 amd64 [installed,automatic] +libuuid1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libuv1/jammy,now 1.43.0-1 amd64 [installed,automatic] +libvolume-key1/jammy,now 0.3.12-3.1build3 amd64 [installed] +libwbclient0/jammy-updates,now 2:4.15.13+dfsg-0ubuntu1.3 amd64 [installed] +libwrap0/jammy,now 7.6.q-31build2 amd64 [installed] +libx11-6/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 amd64 [installed,automatic] +libx11-data/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 all [installed,automatic] +libxau6/jammy,now 1:1.0.9-1build5 amd64 [installed,automatic] +libxcb1/jammy,now 1.14-3ubuntu3 amd64 [installed,automatic] +libxdmcp6/jammy,now 1:1.1.3-0ubuntu5 amd64 [installed,automatic] +libxext6/jammy,now 2:1.3.4-1build1 amd64 [installed,automatic] +libxml2/jammy-updates,jammy-security,now 2.9.13+dfsg-1ubuntu0.3 amd64 [installed,automatic] +libxmlb2/jammy,now 0.3.6-2build1 amd64 [installed,automatic] +libxmuu1/jammy,now 2:1.1.3-3 amd64 [installed,automatic] +libxtables12/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed,automatic] +libxxhash0/jammy,now 0.8.1-1 amd64 [installed,automatic] +libyaml-0-2/jammy,now 0.2.2-1build2 amd64 [installed,automatic] +libzstd1/jammy,now 1.4.8+dfsg-3build1 amd64 [installed,automatic] +linux-azure-cloud-tools-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-azure-headers-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 all [installed] +linux-azure-tools-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-base-sgx/jammy,now 4.5ubuntu9 all [installed] +linux-base/jammy,now 4.5ubuntu9 all [installed,automatic] +linux-cloud-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 
amd64 [installed] +linux-cloud-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-cloud-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] +linux-headers-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-headers-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-image-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-image-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-libc-dev/jammy-updates,jammy-security,now 5.15.0-79.86 amd64 [installed,automatic] +linux-modules-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-modules-extra-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] +locales/jammy-updates,now 2.35-0ubuntu3.1 all [installed,automatic] +login/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 amd64 [installed] +logrotate/jammy-updates,jammy-security,now 3.19.0-1ubuntu1.1 amd64 [installed,automatic] +logsave/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +lsb-base/jammy,now 11.1.0ubuntu4 all [installed,automatic] +lsb-release/jammy,now 11.1.0ubuntu4 all [installed,automatic] +lshw/jammy,now 02.19.git.2021.06.19.996aaad9c7-2build1 amd64 [installed,automatic] +lsof/jammy,now 4.93.2+dfsg-1.1build2 amd64 [installed,automatic] +lsscsi/jammy,now 0.31-1build2 amd64 [installed] +lto-disabled-list/jammy,now 24 all [installed,automatic] +lvm2/jammy,now 2.03.11-2.1ubuntu4 amd64 [installed] +lxd-agent-loader/jammy,now 0.5 all [installed] +make/jammy,now 4.3-4.1build1 amd64 [installed] +man-db/jammy,now 
2.10.2-1 amd64 [installed,automatic] +manpages/jammy,now 5.10-1ubuntu1 all [installed,automatic] +mawk/jammy,now 1.3.4.20200120-3 amd64 [installed,automatic] +mdadm/jammy-updates,now 4.2-0ubuntu2 amd64 [installed] +media-types/jammy,now 7.0.0 all [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu22.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu22.04u1] +moby-runc/testing,jammy,now 1.1.7+azure-ubuntu22.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu22.04u1] +mokutil/jammy-updates,now 0.6.0-2~22.04.1 amd64 [installed] +motd-news-config/jammy-updates,now 12ubuntu4.4 all [installed] +mount/jammy,now 2.37.2-4ubuntu3 amd64 [installed] +mtr-tiny/jammy,now 0.95-1 amd64 [installed,automatic] +multipath-tools/jammy-updates,jammy-security,now 0.8.8-1ubuntu1.22.04.1 amd64 [installed] +nano/jammy,now 6.2-1 amd64 [installed,automatic] +ncurses-base/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 all [installed] +ncurses-bin/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed] +ncurses-term/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 all [installed] +needrestart/jammy-updates,jammy-security,now 3.5-5ubuntu2.1 all [installed] +netbase/jammy,now 6.3 all [installed,automatic] +netcat-openbsd/jammy,now 1.218-4ubuntu1 amd64 [installed,automatic] +netcat/jammy,now 1.218-4ubuntu1 all [installed] +netplan.io/jammy-updates,now 0.105-0ubuntu2~22.04.3 amd64 [installed,automatic] +networkd-dispatcher/jammy-updates,jammy-security,now 2.1-2ubuntu0.22.04.2 all [installed,automatic] +nfs-common/jammy-updates,now 1:2.6.1-1ubuntu1.2 amd64 [installed] +nftables/jammy-updates,now 1.0.2-1ubuntu3 amd64 [installed] +ntfs-3g/jammy-updates,jammy-security,now 1:2021.8.22-3ubuntu1.2 amd64 [installed,automatic] +nvme-cli/jammy-updates,now 1.16-3ubuntu0.1 amd64 [installed] +open-iscsi/jammy,now 2.1.5-1ubuntu1 amd64 [installed] +openssh-client/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 amd64 [installed,automatic] 
+openssh-server/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 amd64 [installed] +openssh-sftp-server/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 amd64 [installed] +openssl/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.10 amd64 [installed,automatic] +os-prober/jammy,now 1.79ubuntu2 amd64 [installed,automatic] +overlayroot/jammy,now 0.47ubuntu1 all [installed] +packagekit-tools/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +packagekit/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +packages-microsoft-prod/jammy,now 1.0-ubuntu22.04.1 all [installed] +parted/jammy,now 3.4-2build1 amd64 [installed,automatic] +passwd/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 amd64 [installed,automatic] +pastebinit/jammy,now 1.5.1-1ubuntu1 all [installed,automatic] +patch/jammy,now 2.7.6-7build2 amd64 [installed] +pci.ids/jammy,now 0.0~2022.01.22-1 all [installed,automatic] +pciutils/jammy,now 1:3.7.0-6 amd64 [installed,automatic] +perl-base/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 amd64 [installed,automatic] +perl-modules-5.34/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 all [installed,automatic] +perl/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 amd64 [installed,automatic] +pigz/jammy,now 2.6-1 amd64 [installed] +pinentry-curses/jammy,now 1.1.1-1build2 amd64 [installed,automatic] +pkexec/jammy,now 0.105-33 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/jammy,now 0.9.5+git20211018-1ubuntu3 amd64 [installed,automatic] +plymouth/jammy,now 0.9.5+git20211018-1ubuntu3 amd64 [installed,automatic] +policykit-1/jammy,now 0.105-33 amd64 [installed,automatic] +polkitd/jammy,now 0.105-33 amd64 [installed,automatic] +pollinate/jammy,now 4.33-3ubuntu2 all [installed] +powermgmt-base/jammy,now 1.36 all [installed,automatic] +procps/jammy,now 2:3.3.17-6ubuntu2 amd64 [installed,automatic] +psmisc/jammy,now 23.4-2build3 amd64 [installed,automatic] +publicsuffix/jammy,now 20211207.1025-1 all [installed,automatic] 
+python-apt-common/jammy-updates,now 2.4.0ubuntu2 all [installed,automatic] +python-babel-localedata/jammy,now 2.8.0+dfsg.1-7 all [installed] +python3-apt/jammy-updates,now 2.4.0ubuntu2 amd64 [installed,automatic] +python3-attr/jammy,now 21.2.0-1 all [installed,automatic] +python3-automat/jammy,now 20.2.0-1 all [installed,automatic] +python3-babel/jammy,now 2.8.0+dfsg.1-7 all [installed] +python3-bcrypt/jammy,now 3.2.0-1build1 amd64 [installed,automatic] +python3-blinker/jammy,now 1.4+dfsg1-0.4 all [installed,automatic] +python3-ceph-argparse/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-ceph-common/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 all [installed,automatic] +python3-cephfs/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-certifi/jammy,now 2020.6.20-1 all [installed] +python3-cffi-backend/jammy,now 1.15.0-1build2 amd64 [installed,automatic] +python3-chardet/jammy,now 4.0.0-1 all [installed,automatic] +python3-click/jammy,now 8.0.3-1 all [installed,automatic] +python3-colorama/jammy,now 0.4.4-1 all [installed,automatic] +python3-commandnotfound/jammy,now 22.04.0 all [installed,automatic] +python3-configobj/jammy,now 5.0.6-5 all [installed,automatic] +python3-constantly/jammy,now 15.1.0-2 all [installed,automatic] +python3-cryptography/jammy,now 3.4.8-1ubuntu2 amd64 [installed,automatic] +python3-dbus/jammy,now 1.2.18-3build1 amd64 [installed,automatic] +python3-debconf/jammy,now 1.5.79ubuntu1 all [installed,automatic] +python3-debian/jammy-updates,now 0.1.43ubuntu1.1 all [installed,automatic] +python3-distro-info/jammy-updates,now 1.1ubuntu0.1 all [installed,automatic] +python3-distro/jammy,now 1.7.0-1 all [installed,automatic] +python3-distupgrade/jammy-updates,now 1:22.04.17 all [installed,automatic] +python3-distutils/jammy-updates,jammy-security,now 3.10.8-1~22.04 all [installed] +python3-gdbm/jammy-updates,jammy-security,now 3.10.8-1~22.04 amd64 [installed,automatic] 
+python3-gi/jammy-updates,now 3.42.1-0ubuntu1 amd64 [installed,automatic] +python3-hamcrest/jammy,now 2.0.2-2 all [installed,automatic] +python3-httplib2/jammy,now 0.20.2-2 all [installed,automatic] +python3-hyperlink/jammy,now 21.0.0-3 all [installed,automatic] +python3-idna/jammy,now 3.3-1 all [installed,automatic] +python3-importlib-metadata/jammy,now 4.6.4-1 all [installed,automatic] +python3-incremental/jammy,now 21.3.0-1 all [installed,automatic] +python3-jeepney/jammy,now 0.7.1-3 all [installed,automatic] +python3-jinja2/jammy,now 3.0.3-1 all [installed] +python3-json-pointer/jammy,now 2.0-0ubuntu1 all [installed] +python3-jsonpatch/jammy,now 1.32-2 all [installed] +python3-jsonschema/jammy,now 3.2.0-0ubuntu2 all [installed] +python3-jwt/jammy-updates,jammy-security,now 2.3.0-1ubuntu0.2 all [installed,automatic] +python3-keyring/jammy,now 23.5.0-1 all [installed,automatic] +python3-launchpadlib/jammy,now 1.10.16-1 all [installed,automatic] +python3-lazr.restfulclient/jammy,now 0.14.4-1 all [installed,automatic] +python3-lazr.uri/jammy,now 1.0.6-2 all [installed,automatic] +python3-lib2to3/jammy-updates,jammy-security,now 3.10.8-1~22.04 all [installed] +python3-magic/jammy,now 2:0.4.24-2 all [installed,automatic] +python3-markupsafe/jammy,now 2.0.1-2build1 amd64 [installed] +python3-minimal/jammy-updates,jammy-security,now 3.10.6-1~22.04 amd64 [installed,automatic] +python3-more-itertools/jammy,now 8.10.0-2 all [installed,automatic] +python3-netifaces/jammy,now 0.11.0-1build2 amd64 [installed,automatic] +python3-newt/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] +python3-oauthlib/jammy-updates,jammy-security,now 3.2.0-1ubuntu0.1 all [installed,automatic] +python3-openssl/jammy,now 21.0.0-1 all [installed,automatic] +python3-parted/jammy,now 3.11.7-1build1 amd64 [installed] +python3-pexpect/jammy,now 4.8.0-2ubuntu1 all [installed,automatic] +python3-pkg-resources/jammy-updates,jammy-security,now 59.6.0-1.2ubuntu0.22.04.1 all [installed,automatic] 
+python3-prettytable/jammy,now 2.5.0-2 all [installed,automatic] +python3-ptyprocess/jammy,now 0.7.0-3 all [installed,automatic] +python3-pyasn1-modules/jammy,now 0.2.1-1 all [installed,automatic] +python3-pyasn1/jammy,now 0.4.8-1 all [installed,automatic] +python3-pyparsing/jammy,now 2.4.7-1 all [installed,automatic] +python3-pyrsistent/jammy,now 0.18.1-1build1 amd64 [installed] +python3-rados/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-rbd/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-requests/jammy-updates,jammy-security,now 2.25.1+dfsg-2ubuntu0.1 all [installed] +python3-secretstorage/jammy,now 3.3.1-1 all [installed,automatic] +python3-serial/jammy,now 3.5-1 all [installed] +python3-service-identity/jammy,now 18.1.0-6 all [installed,automatic] +python3-setuptools/jammy-updates,jammy-security,now 59.6.0-1.2ubuntu0.22.04.1 all [installed] +python3-six/jammy,now 1.16.0-3ubuntu1 all [installed,automatic] +python3-software-properties/jammy-updates,now 0.99.22.7 all [installed,automatic] +python3-twisted/jammy-updates,jammy-security,now 22.1.0-2ubuntu2.3 all [installed,automatic] +python3-tz/jammy-updates,now 2022.1-1ubuntu0.22.04.1 all [installed] +python3-update-manager/jammy-updates,now 1:22.04.10 all [installed,automatic] +python3-urllib3/jammy,now 1.26.5-1~exp1 all [installed] +python3-wadllib/jammy,now 1.3.6-1 all [installed,automatic] +python3-wcwidth/jammy,now 0.2.5+dfsg1-1 all [installed,automatic] +python3-yaml/jammy,now 5.4.1-1ubuntu1 amd64 [installed,automatic] +python3-zipp/jammy,now 1.0.0-3 all [installed,automatic] +python3-zope.interface/jammy,now 5.4.0-1build1 amd64 [installed,automatic] +python3.10-minimal/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +python3.10/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +python3/jammy-updates,jammy-security,now 3.10.6-1~22.04 amd64 [installed] +readline-common/jammy,now 8.1.2-1 
all [installed,automatic] +rng-tools-debian/jammy,now 2.3 amd64 [installed] +rpcbind/jammy,now 1.2.6-2build1 amd64 [installed,automatic] +rpcsvc-proto/jammy,now 1.4.2-0ubuntu6 amd64 [installed,automatic] +rsync/jammy-updates,jammy-security,now 3.2.7-0ubuntu0.22.04.2 amd64 [installed,automatic] +rsyslog/jammy-updates,jammy-security,now 8.2112.0-2ubuntu2.2 amd64 [installed,automatic] +run-one/jammy,now 1.17-0ubuntu1 all [installed,automatic] +sbsigntool/jammy,now 0.9.4-2ubuntu2 amd64 [installed] +screen/jammy,now 4.9.0-1 amd64 [installed] +secureboot-db/jammy,now 1.8 amd64 [installed] +sed/jammy,now 4.8-1ubuntu2 amd64 [installed,automatic] +sensible-utils/jammy,now 0.0.17 all [installed,automatic] +sg3-utils-udev/jammy,now 1.46-1build1 all [installed,automatic] +sg3-utils/jammy,now 1.46-1build1 amd64 [installed,automatic] +shared-mime-info/jammy,now 2.1-2 amd64 [installed,automatic] +shim-signed/jammy-updates,now 1.51.3+15.7-0ubuntu1 amd64 [installed] +socat/jammy,now 1.7.4.1-3ubuntu4 amd64 [installed] +software-properties-common/jammy-updates,now 0.99.22.7 all [installed] +sosreport/jammy-updates,now 4.5.6-0ubuntu1~22.04.1 amd64 [installed] +ssh-import-id/jammy,now 5.11-0ubuntu1 all [installed] +strace/jammy,now 5.16-0ubuntu3 amd64 [installed,automatic] +sudo/jammy-updates,jammy-security,now 1.9.9-1ubuntu2.4 amd64 [installed,automatic] +sysfsutils/jammy,now 2.1.1-1build1 amd64 [installed] +sysstat/jammy-updates,jammy-security,now 12.5.2-2ubuntu0.2 amd64 [installed] +systemd-hwe-hwdb/jammy-updates,now 249.11.3 all [installed,automatic] +systemd-sysv/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +systemd/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +sysvinit-utils/jammy,now 3.01-1ubuntu1 amd64 [installed] +tar/jammy-updates,jammy-security,now 1.34+dfsg-1ubuntu0.1.22.04.1 amd64 [installed,automatic] +tcl8.6/jammy,now 8.6.12+dfsg-1build1 amd64 [installed] +tcl/jammy,now 8.6.11+1build2 amd64 [installed] +tcpdump/jammy-updates,now 
4.99.1-3ubuntu0.1 amd64 [installed,automatic] +telnet/jammy,now 0.17-44build1 amd64 [installed,automatic] +thin-provisioning-tools/jammy,now 0.9.0-2ubuntu1 amd64 [installed,automatic] +time/jammy,now 1.9-0.1build2 amd64 [installed,automatic] +tmux/jammy-updates,jammy-security,now 3.2a-4ubuntu0.2 amd64 [installed] +tnftp/jammy,now 20210827-4build1 amd64 [installed,automatic] +tpm-udev/jammy,now 0.6 all [installed] +traceroute/jammy,now 1:2.1.0-2 amd64 [installed] +tzdata/jammy-updates,now 2023c-0ubuntu0.22.04.2 all [installed,automatic] +ubuntu-advantage-tools/jammy-updates,now 28.1~22.04 amd64 [installed,automatic] +ubuntu-keyring/jammy,now 2021.03.26 all [installed,automatic] +ubuntu-minimal/jammy-updates,now 1.481.1 amd64 [installed] +ubuntu-release-upgrader-core/jammy-updates,now 1:22.04.17 all [installed,automatic] +ubuntu-standard/jammy-updates,now 1.481.1 amd64 [installed] +ucf/jammy,now 3.0043 all [installed,automatic] +udev/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +ufw/jammy-updates,now 0.36.1-4ubuntu0.1 all [installed,automatic] +unattended-upgrades/jammy,now 2.8ubuntu1 all [installed] +update-manager-core/jammy-updates,now 1:22.04.10 all [installed,automatic] +update-notifier-common/jammy-updates,now 3.192.54.6 all [installed] +usb-modeswitch-data/jammy,now 20191128-4 all [installed] +usb-modeswitch/jammy,now 2.6.1-3ubuntu2 amd64 [installed] +usb.ids/jammy,now 2022.04.02-1 all [installed,automatic] +usbutils/jammy,now 1:014-1build1 amd64 [installed,automatic] +usrmerge/jammy,now 25ubuntu2 all [installed,automatic] +util-linux/jammy,now 2.37.2-4ubuntu3 amd64 [installed] +uuid-runtime/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] 
+vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed] +walinuxagent/jammy-updates,now 2.2.46-0ubuntu5.1 amd64 [installed] +wget/jammy,now 1.21.2-2ubuntu1 amd64 [installed,automatic] +whiptail/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] +wireless-regdb/jammy-updates,jammy-security,now 2022.06.06-0ubuntu1~22.04.1 all [installed,automatic] +xauth/jammy,now 1:1.1-1build2 amd64 [installed,automatic] +xdg-user-dirs/jammy,now 0.17-2ubuntu4 amd64 [installed,automatic] +xfsprogs/jammy,now 5.13.0-1ubuntu2 amd64 [installed] +xkb-data/jammy,now 2.33-1 all [installed,automatic] +xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] +xz-utils/jammy,now 5.2.5-2ubuntu1 amd64 [installed] +zip/jammy,now 3.0-12build2 amd64 [installed] +zlib1g/jammy-updates,jammy-security,now 1:1.2.11.dfsg-2ubuntu9.2 amd64 [installed,automatic] +zstd/jammy,now 1.4.8+dfsg-3build1 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +/dev/root 29G 23G 6.9G 77% / +tmpfs 3.9G 0 3.9G 0% /dev/shm +tmpfs 1.6G 812K 1.6G 1% /run +tmpfs 5.0M 0 5.0M 0% /run/lock +/dev/sda15 105M 6.1M 99M 6% /boot/efi +/dev/sdb1 16G 28K 15G 1% /mnt +tmpfs 794M 0 794M 0% /run/user/1000 +Using kernel: +Linux version 5.15.0-1041-azure (buildd@lcy02-amd64-062) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #48-Ubuntu SMP Tue Jun 20 20:34:08 UTC 2023 +Install completed successfully on Tue Aug 22 17:04:30 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 22.04 +Hyperv generation: V1 +Feature flags: None +Container runtime: containerd +FIPS enabled: +=== os-release Begin +PRETTY_NAME="Ubuntu 22.04.3 LTS" +NAME="Ubuntu" +VERSION_ID="22.04" +VERSION="22.04.3 LTS (Jammy Jellyfish)" +VERSION_CODENAME=jammy +ID=ubuntu +ID_LIKE=debian +HOME_URL="https://www.ubuntu.com/" 
+SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +UBUNTU_CODENAME=jammy +=== os-release End diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-image-list.json index ebe10a84aa8..9202b3240e2 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "2204containerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ 
@@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ 
@@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-trivy-images-table.txt index 46520a27395..4cc91fdb5fb 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-trivy-report.json index c6af491768d..3613af1ae0f 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvm5ok5039zqb", + "ArtifactName": "pkrvmuspp79yus1", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvm5ok5039zqb (ubuntu 22.04)", + "Target": "pkrvmuspp79yus1 (ubuntu 22.04)", "Class": "os-pkgs", "Type": "ubuntu", "Vulnerabilities": [ 
@@ -82,10 +82,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -190,10 +191,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -235,6 +237,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -249,7 +252,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -368,10 +371,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -476,10 +480,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -521,6 +526,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -535,7 +541,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -654,10 +660,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -762,10 +769,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -807,6 +815,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -821,7 +830,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -940,10 +949,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1048,10 +1058,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1093,6 +1104,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1107,7 +1119,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1226,10 +1238,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1334,10 +1347,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1379,6 +1393,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1393,7 +1408,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1512,10 +1527,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1620,10 +1636,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1665,6 +1682,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1679,7 +1697,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1798,10 +1816,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1906,10 +1925,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1951,6 +1971,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1965,7 +1986,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -2084,10 +2105,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -2192,10 +2214,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -2237,6 +2260,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -2251,7 +2275,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -3893,7 +3917,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -3902,7 +3928,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4052,7 +4078,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4061,7 +4089,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4211,7 +4239,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4220,7 +4250,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4370,7 +4400,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4379,7 +4411,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -4532,7 +4564,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4541,7 +4575,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest.txt index bb576789e12..9c679cca098 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen1/2204containerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:20 UTC 2023 +Starting build on Tue Aug 22 16:25:34 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -130,16 +131,16 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:13 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:13 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:16 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:16 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:18 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:18 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:18 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:20 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:32 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:32 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:35 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:35 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:38 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:38 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:38 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:39 
/usr/local/bin/bpftrace === Installed Packages Begin Listing... acr-mirror/now 0.1.0 amd64 [installed,local] @@ -242,8 +243,8 @@ gdisk/jammy,now 1.0.8-4build1 amd64 [installed,automatic] gettext-base/jammy,now 0.21-4ubuntu4 amd64 [installed,automatic] gir1.2-glib-2.0/jammy,now 1.72.0-1 amd64 [installed,automatic] gir1.2-packagekitglib-1.0/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] -git-man/jammy-updates,jammy-security,now 1:2.34.1-1ubuntu1.9 all [installed,automatic] -git/jammy-updates,jammy-security,now 1:2.34.1-1ubuntu1.9 amd64 [installed] +git-man/jammy-updates,now 1:2.34.1-1ubuntu1.10 all [installed,automatic] +git/jammy-updates,now 1:2.34.1-1ubuntu1.10 amd64 [installed] glusterfs-client/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed] glusterfs-common/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] gnupg-l10n/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed,automatic] @@ -273,9 +274,9 @@ iftop/jammy,now 1.0~pre4-7 amd64 [installed] info/jammy,now 6.8-4build1 amd64 [installed,automatic] init-system-helpers/jammy,now 1.62 all [installed] init/jammy,now 1.62 amd64 [installed] -initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.2 amd64 [installed,automatic] -initramfs-tools-core/jammy-updates,now 0.140ubuntu13.2 all [installed,automatic] -initramfs-tools/jammy-updates,now 0.140ubuntu13.2 all [installed] +initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.4 amd64 [installed,automatic] +initramfs-tools-core/jammy-updates,now 0.140ubuntu13.4 all [installed,automatic] +initramfs-tools/jammy-updates,now 0.140ubuntu13.4 all [installed] inotify-tools/jammy,now 3.22.1.0-2 amd64 [installed] install-info/jammy,now 6.8-4build1 amd64 [installed,automatic] iotop/jammy-updates,now 0.6-24-g733f3f8-1.1ubuntu0.1 amd64 [installed] 
@@ -596,7 +597,7 @@ libutempter0/jammy,now 1.2.1-2build2 amd64 [installed,automatic] libuuid1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] libuv1/jammy,now 1.43.0-1 amd64 [installed,automatic] libvolume-key1/jammy,now 0.3.12-3.1build3 amd64 [installed] -libwbclient0/jammy-security,now 2:4.15.13+dfsg-0ubuntu1.2 amd64 [installed,upgradable to: 2:4.15.13+dfsg-0ubuntu1.3] +libwbclient0/jammy-updates,now 2:4.15.13+dfsg-0ubuntu1.3 amd64 [installed] libwrap0/jammy,now 7.6.q-31build2 amd64 [installed] libx11-6/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 amd64 [installed,automatic] libx11-data/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 all [installed,automatic] 
@@ -619,17 +620,17 @@ linux-base-sgx/jammy,now 4.5ubuntu9 all [installed] linux-base/jammy,now 4.5ubuntu9 all [installed,automatic] linux-cloud-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-cloud-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] -linux-cloud-tools-common/jammy-updates,now 5.15.0-79.86 all [installed] +linux-cloud-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] linux-headers-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-headers-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] linux-image-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-image-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] -linux-libc-dev/jammy-updates,now 5.15.0-79.86 amd64 [installed,automatic] +linux-libc-dev/jammy-updates,jammy-security,now 5.15.0-79.86 amd64 [installed,automatic] linux-modules-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-modules-extra-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] -linux-tools-common/jammy-updates,now 5.15.0-79.86 all [installed] +linux-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] locales/jammy-updates,now 2.35-0ubuntu3.1 all [installed,automatic] login/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 amd64 [installed] logrotate/jammy-updates,jammy-security,now 3.19.0-1ubuntu1.1 amd64 [installed,automatic] 
@@ -802,7 +803,7 @@ shared-mime-info/jammy,now 2.1-2 amd64 [installed,automatic] shim-signed/jammy-updates,now 1.51.3+15.7-0ubuntu1 amd64 [installed] socat/jammy,now 1.7.4.1-3ubuntu4 amd64 [installed] software-properties-common/jammy-updates,now 0.99.22.7 all [installed] -sosreport/jammy-updates,now 4.4-1ubuntu1.22.04.1 amd64 [installed] +sosreport/jammy-updates,now 4.5.6-0ubuntu1~22.04.1 amd64 [installed] ssh-import-id/jammy,now 5.11-0ubuntu1 all [installed] strace/jammy,now 5.16-0ubuntu3 amd64 [installed,automatic] sudo/jammy-updates,jammy-security,now 1.9.9-1ubuntu2.4 amd64 [installed,automatic] @@ -842,10 +843,10 @@ usbutils/jammy,now 1:014-1build1 amd64 [installed,automatic] usrmerge/jammy,now 25ubuntu2 all [installed,automatic] util-linux/jammy,now 2.37.2-4ubuntu3 amd64 [installed] uuid-runtime/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] -vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 all [installed,automatic] -vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 all [installed,automatic] -vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 amd64 [installed,automatic] -vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 amd64 [installed] +vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] +vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed] walinuxagent/jammy-updates,now 2.2.46-0ubuntu5.1 amd64 [installed] wget/jammy,now 1.21.2-2ubuntu1 amd64 [installed,automatic] whiptail/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] 
@@ -854,7 +855,7 @@ xauth/jammy,now 1:1.1-1build2 amd64 [installed,automatic] xdg-user-dirs/jammy,now 0.17-2ubuntu4 amd64 [installed,automatic] xfsprogs/jammy,now 5.13.0-1ubuntu2 amd64 [installed] xkb-data/jammy,now 2.33-1 all [installed,automatic] -xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 amd64 [installed,automatic] +xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] xz-utils/jammy,now 5.2.5-2ubuntu1 amd64 [installed] zip/jammy,now 3.0-12build2 amd64 [installed] zlib1g/jammy-updates,jammy-security,now 1:1.2.11.dfsg-2ubuntu9.2 amd64 [installed,automatic] @@ -862,7 +863,7 @@ zstd/jammy,now 1.4.8+dfsg-3build1 amd64 [installed,automatic] === Installed Packages End Disk usage: Filesystem Size Used Avail Use% Mounted on -/dev/root 29G 22G 7.1G 76% / +/dev/root 29G 23G 6.9G 77% / tmpfs 3.9G 0 3.9G 0% /dev/shm tmpfs 1.6G 812K 1.6G 1% /run tmpfs 5.0M 0 5.0M 0% /run/lock @@ -871,10 +872,10 @@ tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 794M 0 794M 0% /run/user/1000 Using kernel: Linux version 5.15.0-1041-azure (buildd@lcy02-amd64-062) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #48-Ubuntu SMP Tue Jun 20 20:34:08 UTC 2023 -Install completed successfully on Wed Aug 16 17:43:30 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:04:30 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 22.04 Hyperv generation: V1 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..8c1ffa58372 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "1804gen2containerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..af0f4392dca
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0-trivy-report.json
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmr6i2ajqrd5", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "18.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmr6i2ajqrd5 (ubuntu 18.04)", + "Class": "os-pkgs", + "Type": "ubuntu" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0.txt new file mode 100644 index 00000000000..e97484ff8eb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/202308.22.0.txt 
@@ -0,0 +1,846 @@ +Starting build on Tue Aug 22 16:25:19 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 
19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 593 Aug 22 16:25 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:37 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:37 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:39 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:39 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:39 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:41 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... 
+accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +acl/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +acpid/bionic,now 1:2.0.28-1ubuntu1 amd64 [installed] +adduser/bionic,now 3.116ubuntu1 all [installed,automatic] +apparmor/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +apt/bionic-updates,now 1.6.17 amd64 [installed,automatic] +apt-transport-https/bionic-updates,now 1.6.17 all [installed] +apt-utils/bionic-updates,now 1.6.17 amd64 [installed,automatic] +at/bionic,now 3.1.20-3.1ubuntu2 amd64 [installed] +attr/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +base-files/bionic-updates,now 10.1ubuntu2.11 amd64 [installed,automatic] +base-passwd/bionic,now 3.5.44 amd64 [installed,automatic] +bash/bionic-updates,bionic-security,now 4.4.18-2ubuntu1.3 amd64 [installed] +bash-completion/bionic,now 1:2.8-1ubuntu1 all [installed,automatic] +bc/bionic,now 1.07.1-2 amd64 [installed,automatic] +bcache-tools/bionic-updates,now 1.0.8-2ubuntu0.18.04.1 amd64 [installed] +bind9-host/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +binfmt-support/bionic,now 2.1.8-2 amd64 [installed,automatic] +binutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +binutils-common/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +binutils-x86-64-linux-gnu/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +blobfuse/bionic,now 1.4.5 amd64 [installed] +blobfuse2/bionic,now 2.0.5 amd64 [installed] +bsdmainutils/bionic,now 11.1.2ubuntu1 amd64 [installed,automatic] +bsdutils/bionic-updates,bionic-security,now 1:2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +btrfs-progs/bionic,now 4.15.1-1build1 amd64 [installed,automatic] +btrfs-tools/bionic,now 4.15.1-1build1 amd64 [installed] +build-essential/bionic,now 12.4ubuntu1 amd64 [installed] +busybox-initramfs/bionic-updates,bionic-security,now 
1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +busybox-static/bionic-updates,bionic-security,now 1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +byobu/bionic,now 5.125-0ubuntu1 all [installed] +bzip2/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +ca-certificates/bionic-updates,bionic-security,now 20230311ubuntu0.18.04.1 all [installed] +ceph-common/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed] +cgroup-lite/bionic,now 1.15 all [installed] +chrony/bionic-updates,bionic-security,now 3.2-4ubuntu4.5 amd64 [installed] +cifs-utils/bionic-updates,bionic-security,now 2:6.8-1ubuntu1.2 amd64 [installed] +cloud-guest-utils/bionic,now 0.30-0ubuntu5 all [installed] +cloud-init/bionic-updates,bionic-security,now 23.1.2-0ubuntu0~18.04.1 all [installed] +cloud-initramfs-copymods/bionic-updates,now 0.40ubuntu1.1 all [installed] +cloud-initramfs-dyn-netconf/bionic-updates,now 0.40ubuntu1.1 all [installed] +command-not-found/bionic-updates,now 18.04.6 all [installed,automatic] +command-not-found-data/bionic-updates,now 18.04.6 amd64 [installed,automatic] +conntrack/bionic,now 1:1.4.4+snapshot20161117-6ubuntu2 amd64 [installed] +console-setup/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +console-setup-linux/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +coreutils/bionic,now 8.28-1ubuntu1 amd64 [installed,automatic] +cpio/bionic-updates,bionic-security,now 2.12+dfsg-6ubuntu0.18.04.4 amd64 [installed,automatic] +cpp/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +cpp-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +cracklib-runtime/bionic,now 2.9.2-5build1 amd64 [installed] +crda/bionic,now 3.18-1build1 amd64 [installed] +cron/bionic-updates,bionic-security,now 3.0pl1-128.1ubuntu1.2 amd64 [installed,automatic] +cryptsetup/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] 
+cryptsetup-bin/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +curl/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed] +dash/bionic,now 0.5.8-2.10 amd64 [installed] +dbus/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +dbus-user-session/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debconf-i18n/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debianutils/bionic,now 4.8.4 amd64 [installed,automatic] +diffutils/bionic,now 1:3.6-1 amd64 [installed] +dirmngr/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 amd64 [installed,automatic] +distro-info-data/bionic-updates,now 0.37ubuntu0.17 all [installed,automatic] +dkms/bionic-updates,now 2.3-3ubuntu9.7 all [installed] +dmeventd/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dmidecode/bionic-updates,now 3.1-1ubuntu0.1 amd64 [installed,automatic] +dmsetup/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dns-root-data/bionic,now 2018013001 all [installed,automatic] +dnsmasq-base/bionic-updates,bionic-security,now 2.79-1ubuntu0.7 amd64 [installed,automatic] +dnsutils/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +dosfstools/bionic,now 4.1-1 amd64 [installed,automatic] +dpkg/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 amd64 [installed,automatic] +dpkg-dev/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +e2fsprogs/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +eatmydata/bionic,now 105-6 all [installed] +ebtables/bionic-updates,now 2.0.10.4-3.5ubuntu2.18.04.3 amd64 [installed] +ed/bionic,now 1.10-2.1 amd64 [installed,automatic] +efibootmgr/bionic,now 15-1 amd64 [installed,automatic] +eject/bionic,now 
2.1.5+deb1+cvs20081104-13.2 amd64 [installed,automatic] +ethtool/bionic,now 1:4.15-0ubuntu1 amd64 [installed] +fdisk/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +file/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +findutils/bionic,now 4.6.0+git+20170828-2 amd64 [installed] +fonts-ubuntu-console/bionic,now 0.83-2 all [installed] +friendly-recovery/bionic-updates,now 0.2.38ubuntu1.2 all [installed,automatic] +ftp/bionic,now 0.17-34 amd64 [installed,automatic] +fuse/bionic,now 2.9.7-1ubuntu1 amd64 [installed] +g++/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +g++-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gawk/bionic,now 1:4.1.4+dfsg-1build1 amd64 [installed,automatic] +gcc/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed] +gcc-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-7-base/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-8-base/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +gdisk/bionic,now 1.0.3-1 amd64 [installed,automatic] +geoip-database/bionic,now 20180315-1 all [installed,automatic] +gettext-base/bionic-updates,bionic-security,now 0.19.8.1-6ubuntu0.3 amd64 [installed,automatic] +gir1.2-glib-2.0/bionic,now 1.56.1-1 amd64 [installed,automatic] +git/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 amd64 [installed] +git-man/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 all [installed,automatic] +glusterfs-client/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +glusterfs-common/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +gnupg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +gnupg-l10n/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 all [installed,automatic] +gnupg-utils/bionic-updates,bionic-security,now 
2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-agent/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-client/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-server/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgconf/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgsm/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgv/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +grep/bionic-updates,now 3.1-2build1 amd64 [installed] +groff-base/bionic,now 1.22.3-10 amd64 [installed,automatic] +grub-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-efi-amd64-bin/bionic-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/bionic-updates,now 1.187.3~18.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/bionic,now 0.7 amd64 [installed,automatic] +grub-pc/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-pc-bin/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub2-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +gzip/bionic-updates,bionic-security,now 1.6-5ubuntu1.2 amd64 [installed] +hdparm/bionic,now 9.54+ds-1 amd64 [installed,automatic] +hostname/bionic,now 3.20 amd64 [installed] +htop/bionic,now 2.1.0-3 amd64 [installed] +iftop/bionic,now 1.0~pre4-4 amd64 [installed] +info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +init/bionic,now 1.51 amd64 [installed] +init-system-helpers/bionic,now 1.51 all [installed] +initramfs-tools/bionic-updates,now 0.130ubuntu3.13 all [installed] +initramfs-tools-bin/bionic-updates,now 0.130ubuntu3.13 amd64 [installed,automatic] +initramfs-tools-core/bionic-updates,now 0.130ubuntu3.13 all [installed,automatic] 
+inotify-tools/bionic,now 3.14-2 amd64 [installed] +install-info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +iotop/bionic,now 0.6-2 amd64 [installed] +iproute2/bionic-updates,now 4.15.0-2ubuntu1.3 amd64 [installed] +ipset/bionic,now 6.34-1 amd64 [installed] +iptables/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed] +iputils-ping/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +iputils-tracepath/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +irqbalance/bionic-updates,now 1.3.0-0.1ubuntu0.18.04.1 amd64 [installed,automatic] +isc-dhcp-client/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +isc-dhcp-common/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +iso-codes/bionic,now 3.79-1 all [installed,automatic] +iw/bionic,now 4.14-0.1 amd64 [installed] +jq/bionic,now 1.5+dfsg-2 amd64 [installed] +kbd/bionic,now 2.0.4-2ubuntu1 amd64 [installed,automatic] +keyboard-configuration/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +keyutils/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed] +klibc-utils/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +kmod/bionic-updates,now 24-1ubuntu3.5 amd64 [installed] +krb5-locales/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 all [installed,automatic] +landscape-common/bionic-updates,now 18.01-0ubuntu3.6 amd64 [installed] +language-selector-common/bionic-updates,now 0.188.3 all [installed,automatic] +less/bionic,now 487-0.1 amd64 [installed,automatic] +libaccountsservice0/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +libacl1/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libacl1-dev/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libaio1/bionic-updates,now 0.3.110-5ubuntu0.1 amd64 [installed,automatic] +libapparmor1/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +libapt-inst2.0/bionic-updates,now 1.6.17 
amd64 [installed,automatic] +libapt-pkg5.0/bionic-updates,now 1.6.17 amd64 [installed,automatic] +libargon2-0/bionic,now 0~20161029-1.1 amd64 [installed,automatic] +libasan4/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libasn1-8-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libassuan0/bionic,now 2.5.1-2 amd64 [installed,automatic] +libatm1/bionic,now 1:2.5.1-2build1 amd64 [installed,automatic] +libatomic1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libattr1/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libattr1-dev/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libaudit-common/bionic-updates,now 1:2.8.2-1ubuntu1.1 all [installed,automatic] +libaudit1/bionic-updates,now 1:2.8.2-1ubuntu1.1 amd64 [installed,automatic] +libavahi-client3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common-data/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libbabeltrace1/bionic,now 1.5.5-1 amd64 [installed,automatic] +libbind9-160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libbinutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +libblkid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libbsd0/bionic-updates,bionic-security,now 0.8.7-1ubuntu0.1 amd64 [installed,automatic] +libbz2-1.0/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +libc-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc-dev-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6-dev/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libcap-ng0/bionic,now 0.7.7-3.1 amd64 [installed,automatic] +libcap2/now 1:2.25-1.2ubuntu0.1~esm1 amd64 
[installed,local] +libcap2-bin/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libcc1-0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libcephfs2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +libcilkrts5/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libcom-err2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libcrack2/bionic,now 2.9.2-5build1 amd64 [installed,automatic] +libcryptsetup12/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +libcups2/now 2.2.7-1ubuntu2.10+esm1 amd64 [installed,local] +libcurl3-gnutls/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libcurl4/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libdb5.3/bionic-updates,bionic-security,now 5.3.28-13.1ubuntu1.1 amd64 [installed,automatic] +libdbus-1-3/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +libdebconfclient0/bionic,now 0.213ubuntu1 amd64 [installed,automatic] +libdevmapper-event1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdevmapper1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdns-export1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libdns1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libdpkg-perl/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +libdrm-common/bionic-updates,now 2.4.101-2~18.04.1 all [installed,automatic] +libdrm2/bionic-updates,now 2.4.101-2~18.04.1 amd64 [installed,automatic] +libdumbnet1/bionic,now 1.12-7build1 amd64 [installed] +libdw1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed] +libeatmydata1/bionic,now 105-6 amd64 [installed] +libedit2/bionic,now 3.1-20170329-1 amd64 [installed,automatic] +libefiboot1/bionic,now 34-1 
amd64 [installed,automatic] +libefivar1/bionic,now 34-1 amd64 [installed,automatic] +libelf1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed,automatic] +liberror-perl/bionic,now 0.17025-1 all [installed,automatic] +libestr0/bionic,now 0.1.10-2.1 amd64 [installed,automatic] +libevent-2.1-6/bionic,now 2.1.8-stable-4build1 amd64 [installed,automatic] +libexpat1/bionic-updates,bionic-security,now 2.2.5-3ubuntu0.9 amd64 [installed,automatic] +libext2fs2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libfastjson4/bionic,now 0.99.8-2 amd64 [installed,automatic] +libfdisk1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libffi6/bionic,now 3.2.1-8 amd64 [installed,automatic] +libfreetype6/bionic-updates,bionic-security,now 2.8.1-2ubuntu2.2 amd64 [installed,automatic] +libfribidi0/bionic-updates,bionic-security,now 0.19.7-2ubuntu0.1 amd64 [installed,automatic] +libfuse2/bionic,now 2.9.7-1ubuntu1 amd64 [installed,automatic] +libgcc-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libgcc1/bionic-updates,bionic-security,now 1:8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgcrypt20/bionic-updates,bionic-security,now 1.8.1-4ubuntu1.3 amd64 [installed,automatic] +libgdbm-compat4/bionic,now 1.14.1-6 amd64 [installed,automatic] +libgdbm5/bionic,now 1.14.1-6 amd64 [installed,automatic] +libgeoip1/bionic,now 1.6.12-1 amd64 [installed,automatic] +libgirepository-1.0-1/bionic,now 1.56.1-1 amd64 [installed,automatic] +libglib2.0-0/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 amd64 [installed,automatic] +libglib2.0-data/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 all [installed,automatic] +libgmp10/bionic-updates,bionic-security,now 2:6.1.2+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libgnutls30/bionic-updates,bionic-security,now 3.5.18-1ubuntu1.6 amd64 [installed,automatic] +libgomp1/bionic-updates,bionic-security,now 
8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgoogle-perftools4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libgpg-error0/bionic,now 1.27-6 amd64 [installed,automatic] +libgpm2/bionic,now 1.20.7-5 amd64 [installed,automatic] +libgssapi-krb5-2/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libgssapi3-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhcrypto4-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimbase1-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimntlm0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhogweed4/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libhx509-5-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libibverbs1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libicu60/bionic-updates,bionic-security,now 60.2-3ubuntu3.2 amd64 [installed,automatic] +libidn11/bionic-updates,now 1.33-2.1ubuntu1.2 amd64 [installed,automatic] +libidn2-0/bionic-updates,bionic-security,now 2.0.4-1.1ubuntu0.2 amd64 [installed,automatic] +libinotifytools0/bionic,now 3.14-2 amd64 [installed,automatic] +libip4tc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libip6tc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libipset3/bionic,now 6.34-1 amd64 [installed,automatic] +libiptc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libirs160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc-export169/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc169/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccc160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccfg160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 
[installed,local] +libisl19/bionic,now 0.19-1 amd64 [installed,automatic] +libisns0/bionic,now 0.97-2build1 amd64 [installed,automatic] +libitm1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libjansson4/bionic,now 2.11-1 amd64 [installed] +libjq1/bionic,now 1.5+dfsg-2 amd64 [installed,automatic] +libjson-c3/bionic-updates,bionic-security,now 0.12.1-1.3ubuntu0.3 amd64 [installed,automatic] +libk5crypto3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkeyutils1/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed,automatic] +libklibc/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +libkmod2/bionic-updates,now 24-1ubuntu3.5 amd64 [installed,automatic] +libkrb5-26-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libkrb5-3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkrb5support0/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libksba8/bionic-updates,bionic-security,now 1.3.5-2ubuntu0.18.04.2 amd64 [installed,automatic] +libldap-2.4-2/now 2.4.45+dfsg-1ubuntu1.11+esm1 amd64 [installed,local] +libldap-common/now 2.4.45+dfsg-1ubuntu1.11+esm1 all [installed,local] +libldb1/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +liblocale-gettext-perl/bionic,now 1.07-3build2 amd64 [installed,automatic] +liblsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +liblvm2app2.2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblvm2cmd2.02/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblwres160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +liblxc-common/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblxc1/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblz4-1/bionic-updates,bionic-security,now 
0.0~r131-2ubuntu3.1 amd64 [installed,automatic] +liblzma5/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed,automatic] +liblzo2-2/bionic,now 2.08-1.2 amd64 [installed,automatic] +libmagic-mgc/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmagic1/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmnl0/bionic,now 1.0.4-2 amd64 [installed,automatic] +libmount1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libmpc3/bionic,now 1.1.0-1 amd64 [installed,automatic] +libmpdec2/bionic,now 2.4.2-1ubuntu1 amd64 [installed,automatic] +libmpfr6/bionic,now 4.0.1-1 amd64 [installed,automatic] +libmpx2/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libncurses5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libncursesw5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libnetfilter-conntrack3/bionic,now 1.0.6-2 amd64 [installed,automatic] +libnetplan0/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +libnettle6/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libnewt0.52/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +libnfnetlink0/bionic,now 1.0.1-3 amd64 [installed,automatic] +libnfsidmap2/bionic,now 0.25-5.1 amd64 [installed,automatic] +libnftnl7/bionic,now 1.0.9-2 amd64 [installed,automatic] +libnghttp2-14/now 1.30.0-1ubuntu1+esm1 amd64 [installed,local] +libnih1/bionic,now 1.0.3-6ubuntu2 amd64 [installed,automatic] +libnl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] +libnl-genl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] +libnl-route-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed,automatic] +libnpth0/bionic,now 1.5-3 amd64 [installed,automatic] +libnspr4/bionic,now 2:4.18-1ubuntu1 amd64 [installed,automatic] +libnss-systemd/bionic-updates,bionic-security,now 
237-3ubuntu10.57 amd64 [installed,automatic] +libnss3/bionic-updates,bionic-security,now 2:3.35-2ubuntu2.16 amd64 [installed,automatic] +libntfs-3g88/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +libnuma1/bionic-updates,now 2.0.11-2.1ubuntu0.1 amd64 [installed,automatic] +libonig4/now 6.7.0-1ubuntu0.1~esm2 amd64 [installed,local] +libp11-kit0/bionic-updates,bionic-security,now 0.23.9-2ubuntu0.1 amd64 [installed,automatic] +libpam-cap/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libpam-modules/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-modules-bin/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-pwquality/bionic,now 1.4.0-2 amd64 [installed] +libpam-runtime/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 all [installed,automatic] +libpam-systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libpam0g/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libparted2/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +libpcap0.8/bionic-updates,now 1.8.1-6ubuntu1.18.04.2 amd64 [installed,automatic] +libpci3/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +libpcre3/bionic-updates,bionic-security,now 2:8.39-9ubuntu0.1 amd64 [installed,automatic] +libperl5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +libpipeline1/bionic,now 1.5.0-1 amd64 [installed,automatic] +libplymouth4/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +libpng16-16/bionic-updates,bionic-security,now 1.6.34-1ubuntu0.18.04.2 amd64 [installed,automatic] +libpolkit-agent-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpolkit-backend-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] 
+libpolkit-gobject-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpopt0/bionic,now 1.16-11 amd64 [installed,automatic] +libprocps6/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +libpsl5/bionic,now 0.19.1-5build1 amd64 [installed,automatic] +libpwquality-common/bionic,now 1.4.0-2 all [installed,automatic] +libpwquality-tools/bionic,now 1.4.0-2 amd64 [installed] +libpwquality1/bionic,now 1.4.0-2 amd64 [installed,automatic] +libpython-stdlib/bionic,now 2.7.15~rc1-1 amd64 [installed] +libpython2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-stdlib/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3-stdlib/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +libpython3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-stdlib/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libquadmath0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +librados2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +libradosstriper1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librbd1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librdmacm1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libreadline5/bionic,now 5.2+dfsg-3build1 amd64 [installed,automatic] +libreadline7/bionic,now 7.0-3 amd64 [installed,automatic] +libroken18-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +librtmp1/bionic,now 2.4+20151223.gitfa8646d.1-1 amd64 [installed,automatic] +libsasl2-2/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] 
+libsasl2-modules/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libsasl2-modules-db/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libseccomp2/bionic-updates,bionic-security,now 2.5.1-1ubuntu1~18.04.2 amd64 [installed,automatic] +libselinux1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsemanage-common/bionic,now 2.7-2build2 all [installed,automatic] +libsemanage1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsensors4/bionic-updates,now 1:3.4.0-4ubuntu0.1 amd64 [installed,automatic] +libsepol1/bionic-updates,bionic-security,now 2.7-1ubuntu0.1 amd64 [installed,automatic] +libsigsegv2/bionic,now 2.12-1 amd64 [installed,automatic] +libslang2/bionic,now 2.3.1a-3ubuntu1 amd64 [installed,automatic] +libsmartcols1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libsnappy1v5/bionic,now 1.1.7-1 amd64 [installed,automatic] +libsqlite3-0/bionic-updates,bionic-security,now 3.22.0-1ubuntu0.7 amd64 [installed,automatic] +libss2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libssl1.0.0/bionic-updates,bionic-security,now 1.0.2n-1ubuntu5.13 amd64 [installed,automatic] +libssl1.1/now 1.1.1-1ubuntu2.1~18.04.23+esm1 amd64 [installed,local] +libstdc++-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libstdc++6/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libsysfs2/bionic,bionic-updates,now 2.1.0+repack-4build1 amd64 [installed,automatic] +libsystemd0/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libtalloc2/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +libtasn1-6/bionic,now 4.13-2 amd64 [installed,automatic] +libtcmalloc-minimal4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libtdb1/bionic,now 1.3.15-2 amd64 [installed] +libtevent0/bionic,now 0.9.34-1 amd64 [installed] 
+libtext-charwidth-perl/bionic,now 0.04-7.1 amd64 [installed,automatic] +libtext-iconv-perl/bionic,now 1.7-5build6 amd64 [installed,automatic] +libtext-wrapi18n-perl/bionic,now 0.06-7.1 all [installed,automatic] +libtinfo5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libtirpc1/bionic-updates,bionic-security,now 0.2.5-1.2ubuntu0.1 amd64 [installed,automatic] +libtsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libubsan0/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libudev1/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libunistring2/bionic-updates,now 0.9.9-0ubuntu2 amd64 [installed,automatic] +libunwind8/bionic-updates,now 1.2.1-8ubuntu0.1 amd64 [installed,automatic] +liburcu6/bionic-updates,now 0.10.1-1ubuntu1 amd64 [installed,automatic] +libusb-1.0-0/bionic,now 2:1.0.21-2 amd64 [installed,automatic] +libutempter0/bionic,now 1.1.6-3 amd64 [installed,automatic] +libuuid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libuv1/bionic,now 1.18.0-3 amd64 [installed,automatic] +libwbclient0/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +libwind0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libwrap0/bionic,now 7.6.q-27 amd64 [installed] +libx11-6/now 2:1.6.4-3ubuntu0.4+esm1 amd64 [installed,local] +libx11-data/now 2:1.6.4-3ubuntu0.4+esm1 all [installed,local] +libxau6/bionic-updates,now 1:1.0.8-1ubuntu1 amd64 [installed,automatic] +libxcb1/bionic-updates,now 1.13-2~ubuntu18.04 amd64 [installed,automatic] +libxdmcp6/bionic,now 1:1.1.2-3 amd64 [installed,automatic] +libxext6/bionic,now 2:1.3.3-1 amd64 [installed,automatic] +libxml2/bionic-updates,bionic-security,now 2.9.4+dfsg1-6.1ubuntu1.9 amd64 [installed,automatic] +libxmuu1/bionic,now 2:1.1.2-2 amd64 [installed,automatic] +libxtables12/bionic-updates,now 
1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libyaml-0-2/bionic,now 0.1.7-2ubuntu3 amd64 [installed,automatic] +libzstd1/bionic-updates,bionic-security,now 1.3.3+dfsg-2ubuntu1.2 amd64 [installed,automatic] +linux-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-azure-5.4-cloud-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-cloud-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-azure-5.4-headers-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 all [installed] +linux-azure-5.4-headers-5.4.0-1112/now 5.4.0-1112.118~18.04.1 all [installed,local] +linux-azure-5.4-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-base/bionic-updates,now 4.5ubuntu1.7 all [installed,automatic] +linux-base-sgx/bionic-updates,now 4.5ubuntu1.7 all [installed] +linux-cloud-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-cloud-tools-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-cloud-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-cloud-tools-common/now 4.15.0-214.225 all [installed,local] +linux-headers-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-headers-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-image-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-image-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-libc-dev/now 4.15.0-214.225 amd64 [installed,local] +linux-modules-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-modules-extra-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-tools-5.4.0-1112-azure/now 
5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-tools-common/now 4.15.0-214.225 all [installed,local] +locales/bionic-updates,now 2.27-3ubuntu1.6 all [installed,automatic] +login/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed] +logrotate/bionic,now 3.11.0-0.1ubuntu1 amd64 [installed,automatic] +lsb-base/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lsb-release/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lshw/bionic-updates,now 02.18-0.1ubuntu6.18.04.2 amd64 [installed,automatic] +lsof/bionic,now 4.89+dfsg-0.1 amd64 [installed,automatic] +lsscsi/bionic,now 0.28-0.1 amd64 [installed] +ltrace/bionic,now 0.7.3-6ubuntu1 amd64 [installed,automatic] +lvm2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed] +lxcfs/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +lxd/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed] +lxd-client/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed,automatic] +make/bionic,now 4.1-9.1ubuntu1 amd64 [installed] +man-db/bionic-updates,now 2.8.3-2ubuntu0.1 amd64 [installed,automatic] +manpages/bionic,now 4.15-1 all [installed,automatic] +mawk/bionic,now 1.3.3-17ubuntu3 amd64 [installed,automatic] +mdadm/bionic-updates,now 4.1~rc1-3~ubuntu18.04.4 amd64 [installed] +mime-support/bionic,now 3.60ubuntu1 all [installed,automatic] +mlocate/bionic,now 0.26-2ubuntu3.1 amd64 [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu18.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu18.04u1] +moby-runc/testing,bionic,now 1.1.7+azure-ubuntu18.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu18.04u1] +mokutil/bionic-updates,now 0.6.0-2~18.04.1 amd64 [installed] +motd-news-config/bionic-updates,now 10.1ubuntu2.11 all [installed] +mount/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] +mtr-tiny/bionic,now 0.92-1 amd64 [installed,automatic] 
+multiarch-support/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +nano/bionic,now 2.9.3-2 amd64 [installed,automatic] +ncurses-base/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +ncurses-bin/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed] +ncurses-term/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +net-tools/bionic,now 1.60+git20161116.90da8a0-1ubuntu1 amd64 [installed] +netbase/bionic,now 5.4 all [installed,automatic] +netcat/bionic,now 1.10-41.1 all [installed] +netcat-openbsd/bionic-updates,now 1.187-1ubuntu0.1 amd64 [installed,automatic] +netcat-traditional/bionic,now 1.10-41.1 amd64 [installed,automatic] +netplan.io/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +networkd-dispatcher/bionic-updates,bionic-security,now 1.7-0ubuntu3.5 all [installed,automatic] +nfs-common/bionic-updates,now 1:1.3.4-2.1ubuntu5.5 amd64 [installed] +nftables/bionic,now 0.8.2-1 amd64 [installed] +nplan/bionic-updates,now 0.99-0ubuntu3~18.04.5 all [installed,automatic] +ntfs-3g/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +open-iscsi/now 2.0.874-5ubuntu2.11+esm1 amd64 [installed,local] +openssh-client/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssh-server/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssh-sftp-server/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssl/now 1.1.1-1ubuntu2.1~18.04.23+esm1 amd64 [installed,local] +os-prober/bionic,now 1.74ubuntu1 amd64 [installed,automatic] +overlayroot/bionic-updates,now 0.40ubuntu1.1 all [installed] +packages-microsoft-prod/bionic,now 1.0-ubuntu18.04.2 all [installed] +parted/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +passwd/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +pastebinit/bionic,now 1.5-2 all [installed,automatic] +patch/bionic-updates,bionic-security,now 2.7.6-2ubuntu1.1 amd64 
[installed] +pciutils/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +perl/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-base/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-modules-5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 all [installed,automatic] +pigz/bionic,now 2.4-1 amd64 [installed] +pinentry-curses/bionic,now 1.1.0-1 amd64 [installed,automatic] +plymouth/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +policykit-1/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +pollinate/bionic-updates,now 4.33-0ubuntu1~18.04.2 all [installed] +popularity-contest/bionic,now 1.66ubuntu1 all [installed,automatic] +powermgmt-base/bionic,now 1.33 all [installed,automatic] +procps/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +psmisc/bionic-updates,now 23.1-1ubuntu0.1 amd64 [installed,automatic] +publicsuffix/bionic,now 20180223.1310-1 all [installed,automatic] +python/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-apt-common/bionic-updates,now 1.6.6 all [installed,automatic] +python-cephfs/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python-crypto/bionic,now 2.6.1-8ubuntu2 amd64 [installed] +python-idna/bionic,now 2.6-1 all [installed,automatic] +python-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed,automatic] +python-ldb/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +python-minimal/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all 
[installed,automatic] +python-prettytable/bionic,now 0.7.2-3 all [installed,automatic] +python-rados/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-rbd/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python-samba/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +python-six/bionic,now 1.11.0-2 all [installed] +python-talloc/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +python-tdb/bionic,now 1.3.15-2 amd64 [installed] +python-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] +python2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python3/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-apport/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-apt/bionic-updates,now 1.6.6 amd64 [installed,automatic] +python3-asn1crypto/bionic,now 0.24.0-1 all [installed,automatic] +python3-attr/bionic,now 17.4.0-2 all [installed,automatic] +python3-automat/bionic,now 0.6.0-1 all [installed,automatic] +python3-blinker/bionic,now 1.4+dfsg1-0.1 all [installed] +python3-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python3-cffi-backend/bionic,now 1.11.5-1 amd64 [installed,automatic] +python3-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python3-click/bionic,now 6.7-3 all [installed,automatic] +python3-colorama/bionic,now 0.3.7-1 all [installed,automatic] +python3-commandnotfound/bionic-updates,now 18.04.6 all [installed,automatic] +python3-configobj/bionic,now 5.0.6-2 all [installed,automatic] +python3-constantly/bionic,now 15.1.0-1 all [installed,automatic] +python3-cryptography/bionic-updates,bionic-security,now 2.1.4-1ubuntu1.4 amd64 [installed,automatic] +python3-dbus/bionic,now 1.2.6-1 amd64 
[installed,automatic] +python3-debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +python3-debian/bionic,now 0.1.32 all [installed,automatic] +python3-distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 all [installed,automatic] +python3-distupgrade/bionic-updates,now 1:18.04.45 all [installed,automatic] +python3-distutils/bionic-updates,now 3.6.9-1~18.04 all [installed] +python3-gdbm/bionic-updates,now 3.6.9-1~18.04 amd64 [installed,automatic] +python3-gi/bionic-updates,now 3.26.1-2ubuntu1 amd64 [installed,automatic] +python3-httplib2/bionic-updates,now 0.9.2+dfsg-1ubuntu0.3 all [installed,automatic] +python3-hyperlink/bionic,now 17.3.1-2 all [installed,automatic] +python3-idna/bionic,now 2.6-1 all [installed,automatic] +python3-incremental/bionic,now 16.10.1-3 all [installed,automatic] +python3-jinja2/bionic-updates,bionic-security,now 2.10-1ubuntu0.18.04.1 all [installed] +python3-json-pointer/bionic,now 1.10-1 all [installed] +python3-jsonpatch/bionic,now 1.19+really1.16-1fakesync1 all [installed] +python3-jsonschema/bionic,now 2.6.0-2 all [installed] +python3-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed] +python3-lib2to3/bionic-updates,now 3.6.9-1~18.04 all [installed,automatic] +python3-markupsafe/bionic,now 1.0-1build1 amd64 [installed] +python3-minimal/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-netifaces/bionic,now 0.10.4-0.1build4 amd64 [installed,automatic] +python3-newt/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +python3-oauthlib/bionic,now 2.0.6-1 all [installed] +python3-openssl/bionic,now 17.5.0-1ubuntu1 all [installed,automatic] +python3-pam/bionic,now 0.4.2-13.2ubuntu4 amd64 [installed,automatic] +python3-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python3-pexpect/bionic,now 4.2.1-1 all [installed,automatic] +python3-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all [installed,automatic] 
+python3-problem-report/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-ptyprocess/bionic,now 0.5.2-1 all [installed,automatic] +python3-pyasn1/bionic,now 0.4.2-3 all [installed,automatic] +python3-pyasn1-modules/bionic,now 0.2.1-0.2 all [installed,automatic] +python3-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python3-requests-unixsocket/bionic,now 0.1.5-3 all [installed,automatic] +python3-serial/bionic,now 3.4-2 all [installed,automatic] +python3-service-identity/bionic,now 16.0.0-2 all [installed,automatic] +python3-six/bionic,now 1.11.0-2 all [installed,automatic] +python3-software-properties/bionic-updates,now 0.96.24.32.22 all [installed,automatic] +python3-twisted/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 all [installed,automatic] +python3-twisted-bin/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 amd64 [installed,automatic] +python3-update-manager/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +python3-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] +python3-yaml/bionic,now 3.12-1build2 amd64 [installed,automatic] +python3-zope.interface/bionic,now 4.3.2-1build2 amd64 [installed,automatic] +python3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +python3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +readline-common/bionic,now 7.0-3 all [installed,automatic] +rng-tools/bionic,now 5-0ubuntu4 amd64 [installed] +rpcbind/bionic-updates,bionic-security,now 0.2.3-0.6ubuntu0.18.04.4 amd64 [installed,automatic] +rsync/bionic-updates,bionic-security,now 3.1.2-2.1ubuntu1.6 amd64 [installed,automatic] +rsyslog/bionic-updates,bionic-security,now 8.32.0-1ubuntu4.2 amd64 [installed,automatic] +run-one/bionic,now 1.17-0ubuntu1 all [installed,automatic] +samba-common/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 all [installed] +samba-common-bin/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] 
+samba-libs/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +sbsigntool/bionic-updates,now 0.9.2-2ubuntu1~18.04.2 amd64 [installed] +screen/now 4.6.2-1ubuntu1.1+esm1 amd64 [installed,local] +secureboot-db/bionic-updates,now 1.4~ubuntu0.18.04.1 amd64 [installed] +sed/bionic,now 4.4-2 amd64 [installed,automatic] +sensible-utils/bionic,now 0.0.12 all [installed,automatic] +shared-mime-info/bionic,now 1.9-2 amd64 [installed,automatic] +shim-signed/bionic-updates,now 1.37~18.04.13+15.7-0ubuntu1 amd64 [installed] +socat/bionic,now 1.7.3.2-2ubuntu2 amd64 [installed] +software-properties-common/bionic-updates,now 0.96.24.32.22 all [installed] +sosreport/bionic-updates,now 4.4-1ubuntu0.18.04.1 amd64 [installed] +squashfs-tools/bionic-updates,bionic-security,now 1:4.3-6ubuntu0.18.04.4 amd64 [installed,automatic] +ssh-import-id/bionic-updates,now 5.7-0ubuntu1.1 all [installed] +strace/bionic,now 4.21-1ubuntu1 amd64 [installed,automatic] +sudo/bionic-updates,bionic-security,now 1.8.21p2-3ubuntu1.6 amd64 [installed,automatic] +sysfsutils/bionic,bionic-updates,now 2.1.0+repack-4build1 amd64 [installed] +sysstat/now 11.6.1-1ubuntu0.2+esm1 amd64 [installed,local] +systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +systemd-sysv/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +sysvinit-utils/bionic,now 2.88dsf-59.10ubuntu1 amd64 [installed] +tar/bionic-updates,bionic-security,now 1.29b-2ubuntu0.4 amd64 [installed,automatic] +tcpdump/bionic-updates,now 4.9.3-0ubuntu0.18.04.3 amd64 [installed,automatic] +telnet/bionic,now 0.17-41 amd64 [installed,automatic] +time/bionic,now 1.7-25.1build1 amd64 [installed,automatic] +tmux/bionic-updates,bionic-security,now 2.6-3ubuntu0.3 amd64 [installed] +traceroute/bionic,now 1:2.1.0-2 amd64 [installed] +tzdata/bionic-updates,bionic-security,now 2023c-0ubuntu0.18.04 all [installed,automatic] +ubuntu-advantage-tools/bionic-updates,now 28.1~18.04 amd64 
[installed,automatic] +ubuntu-keyring/bionic-updates,now 2018.09.18.1~18.04.2 all [installed,automatic] +ubuntu-minimal/bionic-updates,now 1.417.5 amd64 [installed] +ubuntu-release-upgrader-core/bionic-updates,now 1:18.04.45 all [installed,automatic] +ubuntu-standard/bionic-updates,now 1.417.5 amd64 [installed] +ucf/bionic,now 3.0038 all [installed,automatic] +udev/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +ufw/bionic-updates,now 0.36-0ubuntu0.18.04.2 all [installed,automatic] +uidmap/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +unattended-upgrades/bionic-updates,now 1.1ubuntu1.18.04.14 all [installed,automatic] +update-manager-core/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +update-notifier-common/bionic-updates,now 3.192.1.19 all [installed] +ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] +usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] +util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] +uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] +wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] +whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +wireless-regdb/bionic-updates,bionic-security,now 2022.06.06-0ubuntu1~18.04.1 all [installed] +xauth/bionic,now 1:1.0.10-1 amd64 [installed,automatic] +xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] +xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] +xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] 
+xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] +zip/bionic,now 3.0-11build1 amd64 [installed] +zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +udev 3.4G 0 3.4G 0% /dev +tmpfs 694M 632K 694M 1% /run +/dev/sda1 29G 22G 7.2G 76% / +tmpfs 3.4G 0 3.4G 0% /dev/shm +tmpfs 5.0M 0 5.0M 0% /run/lock +tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup +/dev/sda15 105M 5.3M 100M 5% /boot/efi +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 694M 0 694M 0% /run/user/1000 +Using kernel: +Linux version 5.4.0-1112-azure (buildd@bos03-amd64-017) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #118~18.04.1-Ubuntu SMP Wed Jul 12 15:44:44 UTC 2023 +Install completed successfully on Tue Aug 22 17:04:58 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 18.04 +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: +=== os-release Begin +NAME="Ubuntu" +VERSION="18.04.6 LTS (Bionic Beaver)" +ID=ubuntu +ID_LIKE=debian +PRETTY_NAME="Ubuntu 18.04.6 LTS" +VERSION_ID="18.04" +HOME_URL="https://www.ubuntu.com/" +SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +VERSION_CODENAME=bionic +UBUNTU_CODENAME=bionic +=== os-release End diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-image-list.json index 2f5e0781c6e..8c1ffa58372 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-image-list.json 
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "1804gen2containerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ 
@@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-trivy-images-table.txt
index 46520a27395..4cc91fdb5fb 100644
--- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-trivy-images-table.txt
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-trivy-images-table.txt
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-trivy-report.json index 810269dde26..af0f4392dca 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmgaqg2k6an1", + "ArtifactName": "pkrvmr6i2ajqrd5", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmgaqg2k6an1 (ubuntu 18.04)", + "Target": "pkrvmr6i2ajqrd5 (ubuntu 18.04)", "Class": "os-pkgs", "Type": "ubuntu" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest.txt index 57c4eeb6f31..e97484ff8eb 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804containerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:11:01 UTC 2023 +Starting build on Tue Aug 22 16:25:19 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -130,17 +131,17 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 593 Aug 16 17:11 /usr/local/bin/logrotate.sh --r-xr--r-- 1 root root 2462 Aug 16 17:11 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:11 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:19 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:19 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:22 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:22 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:25 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:25 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:25 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:26 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 593 Aug 22 16:25 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:37 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:37 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:39 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:39 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 
+-rwxr-xr-x 1 root root 39369104 Aug 22 16:39 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:41 /usr/local/bin/bpftrace === Installed Packages Begin Listing... accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] @@ -789,10 +790,10 @@ ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] -vim/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] -vim-common/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] 
@@ -802,7 +803,7 @@ xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] -xxd/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] zip/bionic,now 3.0-11build1 amd64 [installed] zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] @@ -811,7 +812,7 @@ Disk usage: Filesystem Size Used Avail Use% Mounted on udev 3.4G 0 3.4G 0% /dev tmpfs 694M 632K 694M 1% /run -/dev/sda1 29G 22G 7.4G 75% / +/dev/sda1 29G 22G 7.2G 76% / tmpfs 3.4G 0 3.4G 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup @@ -820,10 +821,10 @@ tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup tmpfs 694M 0 694M 0% /run/user/1000 Using kernel: Linux version 5.4.0-1112-azure (buildd@bos03-amd64-017) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #118~18.04.1-Ubuntu SMP Wed Jul 12 15:44:44 UTC 2023 -Install completed successfully on Wed Aug 16 17:47:46 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:04:58 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 18.04 Hyperv generation: V2 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..11160eb4521 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "1804gen2fipscontainerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..3eb89003461
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0-trivy-report.json
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmmzwsf9lukj", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "18.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmmzwsf9lukj (ubuntu 18.04)", + "Class": "os-pkgs", + "Type": "ubuntu" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0.txt new file mode 100644 index 00000000000..251dfc25c96 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/202308.22.0.txt 
@@ -0,0 +1,860 @@ +Starting build on Tue Aug 22 16:25:34 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 
19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 593 Aug 22 16:25 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:37 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:37 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:40 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:40 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:42 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:42 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:42 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:45 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... 
+accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +acl/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +acpid/bionic,now 1:2.0.28-1ubuntu1 amd64 [installed] +adduser/bionic,now 3.116ubuntu1 all [installed,automatic] +apparmor/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +apt/bionic-updates,now 1.6.17 amd64 [installed,automatic] +apt-transport-https/bionic-updates,now 1.6.17 all [installed] +apt-utils/bionic-updates,now 1.6.17 amd64 [installed,automatic] +at/bionic,now 3.1.20-3.1ubuntu2 amd64 [installed] +attr/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +base-files/bionic-updates,now 10.1ubuntu2.11 amd64 [installed,automatic] +base-passwd/bionic,now 3.5.44 amd64 [installed,automatic] +bash/bionic-updates,bionic-security,now 4.4.18-2ubuntu1.3 amd64 [installed] +bash-completion/bionic,now 1:2.8-1ubuntu1 all [installed,automatic] +bc/bionic,now 1.07.1-2 amd64 [installed,automatic] +bcache-tools/bionic-updates,now 1.0.8-2ubuntu0.18.04.1 amd64 [installed] +bind9-host/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +binfmt-support/bionic,now 2.1.8-2 amd64 [installed,automatic] +binutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +binutils-common/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +binutils-x86-64-linux-gnu/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +blobfuse/bionic,now 1.4.5 amd64 [installed] +blobfuse2/bionic,now 2.0.5 amd64 [installed] +bsdmainutils/bionic,now 11.1.2ubuntu1 amd64 [installed,automatic] +bsdutils/bionic-updates,bionic-security,now 1:2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +btrfs-progs/bionic,now 4.15.1-1build1 amd64 [installed,automatic] +btrfs-tools/bionic,now 4.15.1-1build1 amd64 [installed] +build-essential/bionic,now 12.4ubuntu1 amd64 [installed] +busybox-initramfs/bionic-updates,bionic-security,now 
1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +busybox-static/bionic-updates,bionic-security,now 1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +byobu/bionic,now 5.125-0ubuntu1 all [installed] +bzip2/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +ca-certificates/bionic-updates,bionic-security,now 20230311ubuntu0.18.04.1 all [installed] +ceph-common/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed] +cgroup-lite/bionic,now 1.15 all [installed] +chrony/bionic-updates,bionic-security,now 3.2-4ubuntu4.5 amd64 [installed] +cifs-utils/bionic-updates,bionic-security,now 2:6.8-1ubuntu1.2 amd64 [installed] +cloud-guest-utils/bionic,now 0.30-0ubuntu5 all [installed] +cloud-init/bionic-updates,bionic-security,now 23.1.2-0ubuntu0~18.04.1 all [installed] +cloud-initramfs-copymods/bionic-updates,now 0.40ubuntu1.1 all [installed] +cloud-initramfs-dyn-netconf/bionic-updates,now 0.40ubuntu1.1 all [installed] +command-not-found/bionic-updates,now 18.04.6 all [installed,automatic] +command-not-found-data/bionic-updates,now 18.04.6 amd64 [installed,automatic] +conntrack/bionic,now 1:1.4.4+snapshot20161117-6ubuntu2 amd64 [installed] +console-setup/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +console-setup-linux/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +coreutils/bionic,now 8.28-1ubuntu1 amd64 [installed,automatic] +cpio/bionic-updates,bionic-security,now 2.12+dfsg-6ubuntu0.18.04.4 amd64 [installed,automatic] +cpp/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +cpp-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +cracklib-runtime/bionic,now 2.9.2-5build1 amd64 [installed] +crda/bionic,now 3.18-1build1 amd64 [installed] +cron/bionic-updates,bionic-security,now 3.0pl1-128.1ubuntu1.2 amd64 [installed,automatic] +cryptsetup/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] 
+cryptsetup-bin/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +curl/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed] +dash/bionic,now 0.5.8-2.10 amd64 [installed] +dbus/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +dbus-user-session/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debconf-i18n/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debianutils/bionic,now 4.8.4 amd64 [installed,automatic] +diffutils/bionic,now 1:3.6-1 amd64 [installed] +dirmngr/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 amd64 [installed,automatic] +distro-info-data/bionic-updates,now 0.37ubuntu0.17 all [installed,automatic] +dkms/bionic-updates,now 2.3-3ubuntu9.7 all [installed] +dmeventd/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dmidecode/bionic-updates,now 3.1-1ubuntu0.1 amd64 [installed,automatic] +dmsetup/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dns-root-data/bionic,now 2018013001 all [installed,automatic] +dnsmasq-base/bionic-updates,bionic-security,now 2.79-1ubuntu0.7 amd64 [installed,automatic] +dnsutils/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +dosfstools/bionic,now 4.1-1 amd64 [installed,automatic] +dpkg/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 amd64 [installed,automatic] +dpkg-dev/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +e2fsprogs/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +eatmydata/bionic,now 105-6 all [installed] +ebtables/bionic-updates,now 2.0.10.4-3.5ubuntu2.18.04.3 amd64 [installed] +ed/bionic,now 1.10-2.1 amd64 [installed,automatic] +efibootmgr/bionic,now 15-1 amd64 [installed,automatic] +eject/bionic,now 
2.1.5+deb1+cvs20081104-13.2 amd64 [installed,automatic] +ethtool/bionic,now 1:4.15-0ubuntu1 amd64 [installed] +fdisk/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +file/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +findutils/bionic,now 4.6.0+git+20170828-2 amd64 [installed] +fips-initramfs/now 0.0.10 amd64 [installed,local] +fonts-ubuntu-console/bionic,now 0.83-2 all [installed] +friendly-recovery/bionic-updates,now 0.2.38ubuntu1.2 all [installed,automatic] +ftp/bionic,now 0.17-34 amd64 [installed,automatic] +fuse/bionic,now 2.9.7-1ubuntu1 amd64 [installed] +g++/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +g++-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gawk/bionic,now 1:4.1.4+dfsg-1build1 amd64 [installed,automatic] +gcc/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed] +gcc-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-7-base/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-8-base/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +gdisk/bionic,now 1.0.3-1 amd64 [installed,automatic] +geoip-database/bionic,now 20180315-1 all [installed,automatic] +gettext-base/bionic-updates,bionic-security,now 0.19.8.1-6ubuntu0.3 amd64 [installed,automatic] +gir1.2-glib-2.0/bionic,now 1.56.1-1 amd64 [installed,automatic] +git/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 amd64 [installed] +git-man/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 all [installed,automatic] +glusterfs-client/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +glusterfs-common/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +gnupg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +gnupg-l10n/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 all [installed,automatic] 
+gnupg-utils/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-agent/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-client/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-server/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgconf/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgsm/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgv/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +grep/bionic-updates,now 3.1-2build1 amd64 [installed] +groff-base/bionic,now 1.22.3-10 amd64 [installed,automatic] +grub-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-efi-amd64-bin/bionic-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/bionic-updates,now 1.187.3~18.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/bionic,now 0.7 amd64 [installed,automatic] +grub-pc/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-pc-bin/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub2-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +gzip/bionic-updates,bionic-security,now 1.6-5ubuntu1.2 amd64 [installed] +hdparm/bionic,now 9.54+ds-1 amd64 [installed,automatic] +hostname/bionic,now 3.20 amd64 [installed] +htop/bionic,now 2.1.0-3 amd64 [installed] +iftop/bionic,now 1.0~pre4-4 amd64 [installed] +info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +init/bionic,now 1.51 amd64 [installed] +init-system-helpers/bionic,now 1.51 all [installed] +initramfs-tools/bionic-updates,now 0.130ubuntu3.13 all [installed] +initramfs-tools-bin/bionic-updates,now 0.130ubuntu3.13 amd64 [installed,automatic] +initramfs-tools-core/bionic-updates,now 
0.130ubuntu3.13 all [installed,automatic] +inotify-tools/bionic,now 3.14-2 amd64 [installed] +install-info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +iotop/bionic,now 0.6-2 amd64 [installed] +iproute2/bionic-updates,now 4.15.0-2ubuntu1.3 amd64 [installed] +ipset/bionic,now 6.34-1 amd64 [installed] +iptables/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed] +iputils-ping/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +iputils-tracepath/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +irqbalance/bionic-updates,now 1.3.0-0.1ubuntu0.18.04.1 amd64 [installed,automatic] +isc-dhcp-client/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +isc-dhcp-common/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +iso-codes/bionic,now 3.79-1 all [installed,automatic] +iw/bionic,now 4.14-0.1 amd64 [installed] +jq/bionic,now 1.5+dfsg-2 amd64 [installed] +kbd/bionic,now 2.0.4-2ubuntu1 amd64 [installed,automatic] +kcapi-tools/now 1.0.3-2fips3 amd64 [installed,local] +keyboard-configuration/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +keyutils/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed] +klibc-utils/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +kmod/bionic-updates,now 24-1ubuntu3.5 amd64 [installed] +krb5-locales/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 all [installed,automatic] +landscape-common/bionic-updates,now 18.01-0ubuntu3.6 amd64 [installed] +language-selector-common/bionic-updates,now 0.188.3 all [installed,automatic] +less/bionic,now 487-0.1 amd64 [installed,automatic] +libaccountsservice0/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +libacl1/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libacl1-dev/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libaio1/bionic-updates,now 0.3.110-5ubuntu0.1 amd64 [installed,automatic] 
+libapparmor1/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +libapt-inst2.0/bionic-updates,now 1.6.17 amd64 [installed,automatic] +libapt-pkg5.0/bionic-updates,now 1.6.17 amd64 [installed,automatic] +libargon2-0/bionic,now 0~20161029-1.1 amd64 [installed,automatic] +libasan4/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libasn1-8-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libassuan0/bionic,now 2.5.1-2 amd64 [installed,automatic] +libatm1/bionic,now 1:2.5.1-2build1 amd64 [installed,automatic] +libatomic1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libattr1/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libattr1-dev/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libaudit-common/bionic-updates,now 1:2.8.2-1ubuntu1.1 all [installed,automatic] +libaudit1/bionic-updates,now 1:2.8.2-1ubuntu1.1 amd64 [installed,automatic] +libavahi-client3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common-data/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libbabeltrace1/bionic,now 1.5.5-1 amd64 [installed,automatic] +libbind9-160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libbinutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +libblkid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libbsd0/bionic-updates,bionic-security,now 0.8.7-1ubuntu0.1 amd64 [installed,automatic] +libbz2-1.0/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +libc-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc-dev-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6-dev/bionic-updates,now 2.27-3ubuntu1.6 
amd64 [installed,automatic] +libcap-ng0/bionic,now 0.7.7-3.1 amd64 [installed,automatic] +libcap2/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libcap2-bin/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libcc1-0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libcephfs2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +libcilkrts5/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libcom-err2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libcrack2/bionic,now 2.9.2-5build1 amd64 [installed,automatic] +libcryptsetup12/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +libcups2/now 2.2.7-1ubuntu2.10+esm1 amd64 [installed,local] +libcurl3-gnutls/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libcurl4/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libdb5.3/bionic-updates,bionic-security,now 5.3.28-13.1ubuntu1.1 amd64 [installed,automatic] +libdbus-1-3/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +libdebconfclient0/bionic,now 0.213ubuntu1 amd64 [installed,automatic] +libdevmapper-event1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdevmapper1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdns-export1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libdns1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libdpkg-perl/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +libdrm-common/bionic-updates,now 2.4.101-2~18.04.1 all [installed,automatic] +libdrm2/bionic-updates,now 2.4.101-2~18.04.1 amd64 [installed,automatic] +libdumbnet1/bionic,now 1.12-7build1 amd64 [installed] +libdw1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed] 
+libeatmydata1/bionic,now 105-6 amd64 [installed] +libedit2/bionic,now 3.1-20170329-1 amd64 [installed,automatic] +libefiboot1/bionic,now 34-1 amd64 [installed,automatic] +libefivar1/bionic,now 34-1 amd64 [installed,automatic] +libelf1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed,automatic] +liberror-perl/bionic,now 0.17025-1 all [installed,automatic] +libestr0/bionic,now 0.1.10-2.1 amd64 [installed,automatic] +libevent-2.1-6/bionic,now 2.1.8-stable-4build1 amd64 [installed,automatic] +libexpat1/bionic-updates,bionic-security,now 2.2.5-3ubuntu0.9 amd64 [installed,automatic] +libext2fs2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libfastjson4/bionic,now 0.99.8-2 amd64 [installed,automatic] +libfdisk1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libffi6/bionic,now 3.2.1-8 amd64 [installed,automatic] +libfreetype6/bionic-updates,bionic-security,now 2.8.1-2ubuntu2.2 amd64 [installed,automatic] +libfribidi0/bionic-updates,bionic-security,now 0.19.7-2ubuntu0.1 amd64 [installed,automatic] +libfuse2/bionic,now 2.9.7-1ubuntu1 amd64 [installed,automatic] +libgcc-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libgcc1/bionic-updates,bionic-security,now 1:8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgcrypt20/now 1.8.1-4ubuntu1.fips.3 amd64 [installed,local] +libgcrypt20-hmac/now 1.8.1-4ubuntu1.fips.3 amd64 [installed,local] +libgdbm-compat4/bionic,now 1.14.1-6 amd64 [installed,automatic] +libgdbm5/bionic,now 1.14.1-6 amd64 [installed,automatic] +libgeoip1/bionic,now 1.6.12-1 amd64 [installed,automatic] +libgirepository-1.0-1/bionic,now 1.56.1-1 amd64 [installed,automatic] +libglib2.0-0/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 amd64 [installed,automatic] +libglib2.0-data/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 all [installed,automatic] +libgmp10/bionic-updates,bionic-security,now 
2:6.1.2+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libgnutls30/bionic-updates,bionic-security,now 3.5.18-1ubuntu1.6 amd64 [installed,automatic] +libgomp1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgoogle-perftools4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libgpg-error0/bionic,now 1.27-6 amd64 [installed,automatic] +libgpm2/bionic,now 1.20.7-5 amd64 [installed,automatic] +libgssapi-krb5-2/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libgssapi3-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhcrypto4-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimbase1-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimntlm0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhogweed4/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libhx509-5-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libibverbs1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libicu60/bionic-updates,bionic-security,now 60.2-3ubuntu3.2 amd64 [installed,automatic] +libidn11/bionic-updates,now 1.33-2.1ubuntu1.2 amd64 [installed,automatic] +libidn2-0/bionic-updates,bionic-security,now 2.0.4-1.1ubuntu0.2 amd64 [installed,automatic] +libinotifytools0/bionic,now 3.14-2 amd64 [installed,automatic] +libip4tc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libip6tc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libipset3/bionic,now 6.34-1 amd64 [installed,automatic] +libiptc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libirs160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc-export169/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc169/now 
1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccc160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccfg160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisl19/bionic,now 0.19-1 amd64 [installed,automatic] +libisns0/bionic,now 0.97-2build1 amd64 [installed,automatic] +libitm1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libjansson4/bionic,now 2.11-1 amd64 [installed] +libjq1/bionic,now 1.5+dfsg-2 amd64 [installed,automatic] +libjson-c3/bionic-updates,bionic-security,now 0.12.1-1.3ubuntu0.3 amd64 [installed,automatic] +libk5crypto3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkcapi1/now 1.0.3-2fips3 amd64 [installed,local] +libkeyutils1/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed,automatic] +libklibc/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +libkmod2/bionic-updates,now 24-1ubuntu3.5 amd64 [installed,automatic] +libkrb5-26-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libkrb5-3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkrb5support0/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libksba8/bionic-updates,bionic-security,now 1.3.5-2ubuntu0.18.04.2 amd64 [installed,automatic] +libldap-2.4-2/now 2.4.45+dfsg-1ubuntu1.11+esm1 amd64 [installed,local] +libldap-common/now 2.4.45+dfsg-1ubuntu1.11+esm1 all [installed,local] +libldb1/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +liblocale-gettext-perl/bionic,now 1.07-3build2 amd64 [installed,automatic] +liblsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +liblvm2app2.2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblvm2cmd2.02/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblwres160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 
[installed,local] +liblxc-common/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblxc1/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblz4-1/bionic-updates,bionic-security,now 0.0~r131-2ubuntu3.1 amd64 [installed,automatic] +liblzma5/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed,automatic] +liblzo2-2/bionic,now 2.08-1.2 amd64 [installed,automatic] +libmagic-mgc/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmagic1/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmnl0/bionic,now 1.0.4-2 amd64 [installed,automatic] +libmount1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libmpc3/bionic,now 1.1.0-1 amd64 [installed,automatic] +libmpdec2/bionic,now 2.4.2-1ubuntu1 amd64 [installed,automatic] +libmpfr6/bionic,now 4.0.1-1 amd64 [installed,automatic] +libmpx2/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libncurses5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libncursesw5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libnetfilter-conntrack3/bionic,now 1.0.6-2 amd64 [installed,automatic] +libnetplan0/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +libnettle6/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libnewt0.52/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +libnfnetlink0/bionic,now 1.0.1-3 amd64 [installed,automatic] +libnfsidmap2/bionic,now 0.25-5.1 amd64 [installed,automatic] +libnftnl7/bionic,now 1.0.9-2 amd64 [installed,automatic] +libnghttp2-14/now 1.30.0-1ubuntu1+esm1 amd64 [installed,local] +libnih1/bionic,now 1.0.3-6ubuntu2 amd64 [installed,automatic] +libnl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] +libnl-genl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] 
+libnl-route-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed,automatic] +libnpth0/bionic,now 1.5-3 amd64 [installed,automatic] +libnspr4/bionic,now 2:4.18-1ubuntu1 amd64 [installed,automatic] +libnss-systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libnss3/bionic-updates,bionic-security,now 2:3.35-2ubuntu2.16 amd64 [installed,automatic] +libntfs-3g88/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +libnuma1/bionic-updates,now 2.0.11-2.1ubuntu0.1 amd64 [installed,automatic] +libonig4/now 6.7.0-1ubuntu0.1~esm2 amd64 [installed,local] +libp11-kit0/bionic-updates,bionic-security,now 0.23.9-2ubuntu0.1 amd64 [installed,automatic] +libpam-cap/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libpam-modules/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-modules-bin/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-pwquality/bionic,now 1.4.0-2 amd64 [installed] +libpam-runtime/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 all [installed,automatic] +libpam-systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libpam0g/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libparted2/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +libpcap0.8/bionic-updates,now 1.8.1-6ubuntu1.18.04.2 amd64 [installed,automatic] +libpci3/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +libpcre3/bionic-updates,bionic-security,now 2:8.39-9ubuntu0.1 amd64 [installed,automatic] +libperl5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +libpipeline1/bionic,now 1.5.0-1 amd64 [installed,automatic] +libplymouth4/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +libpng16-16/bionic-updates,bionic-security,now 1.6.34-1ubuntu0.18.04.2 amd64 
[installed,automatic] +libpolkit-agent-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpolkit-backend-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpolkit-gobject-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpopt0/bionic,now 1.16-11 amd64 [installed,automatic] +libprocps6/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +libpsl5/bionic,now 0.19.1-5build1 amd64 [installed,automatic] +libpwquality-common/bionic,now 1.4.0-2 all [installed,automatic] +libpwquality-tools/bionic,now 1.4.0-2 amd64 [installed] +libpwquality1/bionic,now 1.4.0-2 amd64 [installed,automatic] +libpython-stdlib/bionic,now 2.7.15~rc1-1 amd64 [installed] +libpython2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-stdlib/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3-stdlib/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +libpython3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-stdlib/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libquadmath0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +librados2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +libradosstriper1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librbd1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librdmacm1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libreadline5/bionic,now 5.2+dfsg-3build1 amd64 [installed,automatic] +libreadline7/bionic,now 7.0-3 amd64 [installed,automatic] +libroken18-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 
[installed,automatic] +librtmp1/bionic,now 2.4+20151223.gitfa8646d.1-1 amd64 [installed,automatic] +libsasl2-2/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libsasl2-modules/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libsasl2-modules-db/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libseccomp2/bionic-updates,bionic-security,now 2.5.1-1ubuntu1~18.04.2 amd64 [installed,automatic] +libselinux1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsemanage-common/bionic,now 2.7-2build2 all [installed,automatic] +libsemanage1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsensors4/bionic-updates,now 1:3.4.0-4ubuntu0.1 amd64 [installed,automatic] +libsepol1/bionic-updates,bionic-security,now 2.7-1ubuntu0.1 amd64 [installed,automatic] +libsigsegv2/bionic,now 2.12-1 amd64 [installed,automatic] +libslang2/bionic,now 2.3.1a-3ubuntu1 amd64 [installed,automatic] +libsmartcols1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libsnappy1v5/bionic,now 1.1.7-1 amd64 [installed,automatic] +libsqlite3-0/bionic-updates,bionic-security,now 3.22.0-1ubuntu0.7 amd64 [installed,automatic] +libss2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libssl1.1/now 1.1.1-1ubuntu2.fips.2.1~18.04.23 amd64 [installed,local] +libssl1.1-hmac/now 1.1.1-1ubuntu2.fips.2.1~18.04.23 amd64 [installed,local] +libstdc++-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libstdc++6/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libsysfs2/bionic,bionic-updates,now 2.1.0+repack-4build1 amd64 [installed,automatic] +libsystemd0/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libtalloc2/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +libtasn1-6/bionic,now 4.13-2 amd64 
[installed,automatic] +libtcmalloc-minimal4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libtdb1/bionic,now 1.3.15-2 amd64 [installed] +libtevent0/bionic,now 0.9.34-1 amd64 [installed] +libtext-charwidth-perl/bionic,now 0.04-7.1 amd64 [installed,automatic] +libtext-iconv-perl/bionic,now 1.7-5build6 amd64 [installed,automatic] +libtext-wrapi18n-perl/bionic,now 0.06-7.1 all [installed,automatic] +libtinfo5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libtirpc1/bionic-updates,bionic-security,now 0.2.5-1.2ubuntu0.1 amd64 [installed,automatic] +libtsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libubsan0/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libudev1/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libunistring2/bionic-updates,now 0.9.9-0ubuntu2 amd64 [installed,automatic] +libunwind8/bionic-updates,now 1.2.1-8ubuntu0.1 amd64 [installed,automatic] +liburcu6/bionic-updates,now 0.10.1-1ubuntu1 amd64 [installed,automatic] +libusb-1.0-0/bionic,now 2:1.0.21-2 amd64 [installed,automatic] +libutempter0/bionic,now 1.1.6-3 amd64 [installed,automatic] +libuuid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libuv1/bionic,now 1.18.0-3 amd64 [installed,automatic] +libwbclient0/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +libwind0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libwrap0/bionic,now 7.6.q-27 amd64 [installed] +libx11-6/now 2:1.6.4-3ubuntu0.4+esm1 amd64 [installed,local] +libx11-data/now 2:1.6.4-3ubuntu0.4+esm1 all [installed,local] +libxau6/bionic-updates,now 1:1.0.8-1ubuntu1 amd64 [installed,automatic] +libxcb1/bionic-updates,now 1.13-2~ubuntu18.04 amd64 [installed,automatic] +libxdmcp6/bionic,now 1:1.1.2-3 amd64 [installed,automatic] +libxext6/bionic,now 2:1.3.3-1 amd64 [installed,automatic] 
+libxml2/bionic-updates,bionic-security,now 2.9.4+dfsg1-6.1ubuntu1.9 amd64 [installed,automatic] +libxmuu1/bionic,now 2:1.1.2-2 amd64 [installed,automatic] +libxtables12/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libyaml-0-2/bionic,now 0.1.7-2ubuntu3 amd64 [installed,automatic] +libzstd1/bionic-updates,bionic-security,now 1.3.3+dfsg-2ubuntu1.2 amd64 [installed,automatic] +linux-azure-5.4-cloud-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-cloud-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-azure-5.4-headers-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 all [installed] +linux-azure-5.4-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-azure-fips/now 4.15.0.2077.73 amd64 [installed,local] +linux-azure-fips-cloud-tools-4.15.0-2077/now 4.15.0-2077.83 amd64 [installed,local] +linux-azure-fips-headers-4.15.0-2077/now 4.15.0-2077.83 all [installed,local] +linux-azure-fips-tools-4.15.0-2077/now 4.15.0-2077.83 amd64 [installed,local] +linux-base/bionic-updates,now 4.5ubuntu1.7 all [installed,automatic] +linux-base-sgx/bionic-updates,now 4.5ubuntu1.7 all [installed] +linux-cloud-tools-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-cloud-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-cloud-tools-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-cloud-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-cloud-tools-azure-fips/now 4.15.0.2077.73 amd64 [installed,local] +linux-cloud-tools-common/now 4.15.0-214.225 all [installed,local] +linux-headers-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-headers-azure-fips/now 4.15.0.2077.73 amd64 [installed,local] 
+linux-image-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-image-azure-fips/now 4.15.0.2077.73 amd64 [installed,local] +linux-image-hmac-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-libc-dev/now 4.15.0-214.225 amd64 [installed,local] +linux-modules-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-modules-extra-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-tools-4.15.0-2077-azure-fips/now 4.15.0-2077.83 amd64 [installed,local] +linux-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-tools-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-tools-azure-fips/now 4.15.0.2077.73 amd64 [installed,local] +linux-tools-common/now 4.15.0-214.225 all [installed,local] +locales/bionic-updates,now 2.27-3ubuntu1.6 all [installed,automatic] +login/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed] +logrotate/bionic,now 3.11.0-0.1ubuntu1 amd64 [installed,automatic] +lsb-base/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lsb-release/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lshw/bionic-updates,now 02.18-0.1ubuntu6.18.04.2 amd64 [installed,automatic] +lsof/bionic,now 4.89+dfsg-0.1 amd64 [installed,automatic] +lsscsi/bionic,now 0.28-0.1 amd64 [installed] +ltrace/bionic,now 0.7.3-6ubuntu1 amd64 [installed,automatic] +lvm2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed] +lxcfs/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +lxd/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed] +lxd-client/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed,automatic] +make/bionic,now 4.1-9.1ubuntu1 amd64 [installed] +man-db/bionic-updates,now 2.8.3-2ubuntu0.1 amd64 [installed,automatic] +manpages/bionic,now 4.15-1 all [installed,automatic] +mawk/bionic,now 
1.3.3-17ubuntu3 amd64 [installed,automatic] +mdadm/bionic-updates,now 4.1~rc1-3~ubuntu18.04.4 amd64 [installed] +mime-support/bionic,now 3.60ubuntu1 all [installed,automatic] +mlocate/bionic,now 0.26-2ubuntu3.1 amd64 [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu18.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu18.04u1] +moby-runc/testing,bionic,now 1.1.7+azure-ubuntu18.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu18.04u1] +mokutil/bionic-updates,now 0.6.0-2~18.04.1 amd64 [installed] +motd-news-config/bionic-updates,now 10.1ubuntu2.11 all [installed] +mount/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] +mtr-tiny/bionic,now 0.92-1 amd64 [installed,automatic] +multiarch-support/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +nano/bionic,now 2.9.3-2 amd64 [installed,automatic] +ncurses-base/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +ncurses-bin/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed] +ncurses-term/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +net-tools/bionic,now 1.60+git20161116.90da8a0-1ubuntu1 amd64 [installed] +netbase/bionic,now 5.4 all [installed,automatic] +netcat/bionic,now 1.10-41.1 all [installed] +netcat-openbsd/bionic-updates,now 1.187-1ubuntu0.1 amd64 [installed,automatic] +netcat-traditional/bionic,now 1.10-41.1 amd64 [installed,automatic] +netplan.io/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +networkd-dispatcher/bionic-updates,bionic-security,now 1.7-0ubuntu3.5 all [installed,automatic] +nfs-common/bionic-updates,now 1:1.3.4-2.1ubuntu5.5 amd64 [installed] +nftables/bionic,now 0.8.2-1 amd64 [installed] +nplan/bionic-updates,now 0.99-0ubuntu3~18.04.5 all [installed,automatic] +ntfs-3g/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +open-iscsi/now 2.0.874-5ubuntu2.11+esm1 amd64 [installed,local] 
+openssh-client/now 1:7.9p1-10~ubuntu18.04.fips.0.7 amd64 [installed,local] +openssh-client-hmac/now 1:7.9p1-10~ubuntu18.04.fips.0.7 amd64 [installed,local] +openssh-server/now 1:7.9p1-10~ubuntu18.04.fips.0.7 amd64 [installed,local] +openssh-server-hmac/now 1:7.9p1-10~ubuntu18.04.fips.0.7 amd64 [installed,local] +openssh-sftp-server/now 1:7.9p1-10~ubuntu18.04.fips.0.7 amd64 [installed,local] +openssl/now 1.1.1-1ubuntu2.fips.2.1~18.04.23 amd64 [installed,local] +os-prober/bionic,now 1.74ubuntu1 amd64 [installed,automatic] +overlayroot/bionic-updates,now 0.40ubuntu1.1 all [installed] +packages-microsoft-prod/bionic,now 1.0-ubuntu18.04.2 all [installed] +parted/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +passwd/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +pastebinit/bionic,now 1.5-2 all [installed,automatic] +patch/bionic-updates,bionic-security,now 2.7.6-2ubuntu1.1 amd64 [installed] +pciutils/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +perl/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-base/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-modules-5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 all [installed,automatic] +pigz/bionic,now 2.4-1 amd64 [installed] +pinentry-curses/bionic,now 1.1.0-1 amd64 [installed,automatic] +plymouth/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +policykit-1/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +pollinate/bionic-updates,now 4.33-0ubuntu1~18.04.2 all [installed] +popularity-contest/bionic,now 1.66ubuntu1 all [installed,automatic] +powermgmt-base/bionic,now 1.33 all [installed,automatic] +procps/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +psmisc/bionic-updates,now 23.1-1ubuntu0.1 
amd64 [installed,automatic] +publicsuffix/bionic,now 20180223.1310-1 all [installed,automatic] +python/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-apt-common/bionic-updates,now 1.6.6 all [installed,automatic] +python-cephfs/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python-crypto/bionic,now 2.6.1-8ubuntu2 amd64 [installed] +python-idna/bionic,now 2.6-1 all [installed,automatic] +python-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed,automatic] +python-ldb/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +python-minimal/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all [installed,automatic] +python-prettytable/bionic,now 0.7.2-3 all [installed,automatic] +python-rados/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-rbd/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python-samba/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +python-six/bionic,now 1.11.0-2 all [installed] +python-talloc/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +python-tdb/bionic,now 1.3.15-2 amd64 [installed] +python-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] +python2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python3/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-apport/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-apt/bionic-updates,now 1.6.6 amd64 [installed,automatic] 
+python3-asn1crypto/bionic,now 0.24.0-1 all [installed,automatic] +python3-attr/bionic,now 17.4.0-2 all [installed,automatic] +python3-automat/bionic,now 0.6.0-1 all [installed,automatic] +python3-blinker/bionic,now 1.4+dfsg1-0.1 all [installed] +python3-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python3-cffi-backend/bionic,now 1.11.5-1 amd64 [installed,automatic] +python3-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python3-click/bionic,now 6.7-3 all [installed,automatic] +python3-colorama/bionic,now 0.3.7-1 all [installed,automatic] +python3-commandnotfound/bionic-updates,now 18.04.6 all [installed,automatic] +python3-configobj/bionic,now 5.0.6-2 all [installed,automatic] +python3-constantly/bionic,now 15.1.0-1 all [installed,automatic] +python3-cryptography/bionic-updates,bionic-security,now 2.1.4-1ubuntu1.4 amd64 [installed,automatic] +python3-dbus/bionic,now 1.2.6-1 amd64 [installed,automatic] +python3-debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +python3-debian/bionic,now 0.1.32 all [installed,automatic] +python3-distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 all [installed,automatic] +python3-distupgrade/bionic-updates,now 1:18.04.45 all [installed,automatic] +python3-distutils/bionic-updates,now 3.6.9-1~18.04 all [installed] +python3-gdbm/bionic-updates,now 3.6.9-1~18.04 amd64 [installed,automatic] +python3-gi/bionic-updates,now 3.26.1-2ubuntu1 amd64 [installed,automatic] +python3-httplib2/bionic-updates,now 0.9.2+dfsg-1ubuntu0.3 all [installed,automatic] +python3-hyperlink/bionic,now 17.3.1-2 all [installed,automatic] +python3-idna/bionic,now 2.6-1 all [installed,automatic] +python3-incremental/bionic,now 16.10.1-3 all [installed,automatic] +python3-jinja2/bionic-updates,bionic-security,now 2.10-1ubuntu0.18.04.1 all [installed] +python3-json-pointer/bionic,now 1.10-1 all [installed] +python3-jsonpatch/bionic,now 1.19+really1.16-1fakesync1 all [installed] +python3-jsonschema/bionic,now 
2.6.0-2 all [installed] +python3-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed] +python3-lib2to3/bionic-updates,now 3.6.9-1~18.04 all [installed,automatic] +python3-markupsafe/bionic,now 1.0-1build1 amd64 [installed] +python3-minimal/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-netifaces/bionic,now 0.10.4-0.1build4 amd64 [installed,automatic] +python3-newt/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +python3-oauthlib/bionic,now 2.0.6-1 all [installed] +python3-openssl/bionic,now 17.5.0-1ubuntu1 all [installed,automatic] +python3-pam/bionic,now 0.4.2-13.2ubuntu4 amd64 [installed,automatic] +python3-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python3-pexpect/bionic,now 4.2.1-1 all [installed,automatic] +python3-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all [installed,automatic] +python3-problem-report/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-ptyprocess/bionic,now 0.5.2-1 all [installed,automatic] +python3-pyasn1/bionic,now 0.4.2-3 all [installed,automatic] +python3-pyasn1-modules/bionic,now 0.2.1-0.2 all [installed,automatic] +python3-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python3-requests-unixsocket/bionic,now 0.1.5-3 all [installed,automatic] +python3-serial/bionic,now 3.4-2 all [installed,automatic] +python3-service-identity/bionic,now 16.0.0-2 all [installed,automatic] +python3-six/bionic,now 1.11.0-2 all [installed,automatic] +python3-software-properties/bionic-updates,now 0.96.24.32.22 all [installed,automatic] +python3-twisted/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 all [installed,automatic] +python3-twisted-bin/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 amd64 [installed,automatic] +python3-update-manager/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +python3-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] 
+python3-yaml/bionic,now 3.12-1build2 amd64 [installed,automatic] +python3-zope.interface/bionic,now 4.3.2-1build2 amd64 [installed,automatic] +python3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +python3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +readline-common/bionic,now 7.0-3 all [installed,automatic] +rng-tools/bionic,now 5-0ubuntu4 amd64 [installed] +rpcbind/bionic-updates,bionic-security,now 0.2.3-0.6ubuntu0.18.04.4 amd64 [installed,automatic] +rsync/bionic-updates,bionic-security,now 3.1.2-2.1ubuntu1.6 amd64 [installed,automatic] +rsyslog/bionic-updates,bionic-security,now 8.32.0-1ubuntu4.2 amd64 [installed,automatic] +run-one/bionic,now 1.17-0ubuntu1 all [installed,automatic] +samba-common/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 all [installed] +samba-common-bin/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +samba-libs/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +sbsigntool/bionic-updates,now 0.9.2-2ubuntu1~18.04.2 amd64 [installed] +screen/now 4.6.2-1ubuntu1.1+esm1 amd64 [installed,local] +secureboot-db/bionic-updates,now 1.4~ubuntu0.18.04.1 amd64 [installed] +sed/bionic,now 4.4-2 amd64 [installed,automatic] +sensible-utils/bionic,now 0.0.12 all [installed,automatic] +shared-mime-info/bionic,now 1.9-2 amd64 [installed,automatic] +shim-signed/bionic-security,now 1.37~18.04.11+15.4-0ubuntu9 amd64 [installed,upgradable to: 1.37~18.04.13+15.7-0ubuntu1] +socat/bionic,now 1.7.3.2-2ubuntu2 amd64 [installed] +software-properties-common/bionic-updates,now 0.96.24.32.22 all [installed] +sosreport/bionic-updates,now 4.4-1ubuntu0.18.04.1 amd64 [installed] +squashfs-tools/bionic-updates,bionic-security,now 1:4.3-6ubuntu0.18.04.4 amd64 [installed,automatic] +ssh-import-id/bionic-updates,now 5.7-0ubuntu1.1 all [installed] +strace/bionic,now 4.21-1ubuntu1 amd64 [installed,automatic] +sudo/bionic-updates,bionic-security,now 1.8.21p2-3ubuntu1.6 amd64 [installed,automatic] 
+sysfsutils/bionic,bionic-updates,now 2.1.0+repack-4build1 amd64 [installed] +sysstat/now 11.6.1-1ubuntu0.2+esm1 amd64 [installed,local] +systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +systemd-sysv/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +sysvinit-utils/bionic,now 2.88dsf-59.10ubuntu1 amd64 [installed] +tar/bionic-updates,bionic-security,now 1.29b-2ubuntu0.4 amd64 [installed,automatic] +tcpdump/bionic-updates,now 4.9.3-0ubuntu0.18.04.3 amd64 [installed,automatic] +telnet/bionic,now 0.17-41 amd64 [installed,automatic] +time/bionic,now 1.7-25.1build1 amd64 [installed,automatic] +tmux/bionic-updates,bionic-security,now 2.6-3ubuntu0.3 amd64 [installed] +traceroute/bionic,now 1:2.1.0-2 amd64 [installed] +tzdata/bionic-updates,bionic-security,now 2023c-0ubuntu0.18.04 all [installed,automatic] +ubuntu-advantage-tools/bionic-updates,now 28.1~18.04 amd64 [installed,automatic] +ubuntu-azure-fips/now 1.1.4+updates1 amd64 [installed,local] +ubuntu-keyring/bionic-updates,now 2018.09.18.1~18.04.2 all [installed,automatic] +ubuntu-minimal/bionic-updates,now 1.417.5 amd64 [installed] +ubuntu-release-upgrader-core/bionic-updates,now 1:18.04.45 all [installed,automatic] +ubuntu-standard/bionic-updates,now 1.417.5 amd64 [installed] +ucf/bionic,now 3.0038 all [installed,automatic] +udev/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +ufw/bionic-updates,now 0.36-0ubuntu0.18.04.2 all [installed,automatic] +uidmap/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +unattended-upgrades/bionic-updates,now 1.1ubuntu1.18.04.14 all [installed,automatic] +update-manager-core/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +update-notifier-common/bionic-updates,now 3.192.1.19 all [installed] +ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] +usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] 
+util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] +uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] +wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] +whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +wireless-regdb/bionic-updates,bionic-security,now 2022.06.06-0ubuntu1~18.04.1 all [installed] +xauth/bionic,now 1:1.0.10-1 amd64 [installed,automatic] +xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] +xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] +xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] +xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] +zip/bionic,now 3.0-11build1 amd64 [installed] +zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +udev 3.4G 0 3.4G 0% /dev +tmpfs 697M 632K 697M 1% /run +/dev/sda1 29G 22G 7.2G 76% / +tmpfs 3.5G 0 3.5G 0% /dev/shm +tmpfs 5.0M 0 5.0M 0% /run/lock +tmpfs 3.5G 0 3.5G 0% /sys/fs/cgroup +/dev/sda15 105M 5.2M 100M 5% /boot/efi +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 697M 0 697M 0% /run/user/1000 +Using kernel: +Linux version 4.15.0-2077-azure-fips (buildd@lcy02-amd64-106) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #83-Ubuntu SMP Tue Jul 18 19:05:42 UTC 2023 +Install completed successfully on Tue Aug 22 17:10:59 UTC 2023 
+VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 18.04 +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: True +=== os-release Begin +NAME="Ubuntu" +VERSION="18.04.6 LTS (Bionic Beaver)" +ID=ubuntu +ID_LIKE=debian +PRETTY_NAME="Ubuntu 18.04.6 LTS" +VERSION_ID="18.04" +HOME_URL="https://www.ubuntu.com/" +SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +VERSION_CODENAME=bionic +UBUNTU_CODENAME=bionic +=== os-release End diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-image-list.json index 7f3049622a5..11160eb4521 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "1804gen2fipscontainerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ 
@@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ 
@@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-trivy-images-table.txt index 46520a27395..4cc91fdb5fb 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-trivy-report.json index 3f1f83f5cd2..3eb89003461 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmrqdxnnvmfn", + "ArtifactName": "pkrvmmzwsf9lukj", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmrqdxnnvmfn (ubuntu 18.04)", + "Target": "pkrvmmzwsf9lukj (ubuntu 18.04)", "Class": "os-pkgs", "Type": "ubuntu" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest.txt index 3d458351c27..251dfc25c96 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804fipscontainerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:07:59 UTC 2023 +Starting build on Tue Aug 22 16:25:34 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -130,17 +131,17 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 593 Aug 16 17:07 /usr/local/bin/logrotate.sh --r-xr--r-- 1 root root 2462 Aug 16 17:07 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:21 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:21 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:25 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:25 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:27 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:27 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:27 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:29 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 593 Aug 22 16:25 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:37 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:37 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:40 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:40 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:42 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:42 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 
+-rwxr-xr-x 1 root root 39369104 Aug 22 16:42 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:45 /usr/local/bin/bpftrace === Installed Packages Begin Listing... accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] @@ -803,10 +804,10 @@ ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] -vim/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] -vim-common/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] 
@@ -816,7 +817,7 @@ xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] -xxd/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] zip/bionic,now 3.0-11build1 amd64 [installed] zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] @@ -825,7 +826,7 @@ Disk usage: Filesystem Size Used Avail Use% Mounted on udev 3.4G 0 3.4G 0% /dev tmpfs 697M 632K 697M 1% /run -/dev/sda1 29G 22G 7.4G 75% / +/dev/sda1 29G 22G 7.2G 76% / tmpfs 3.5G 0 3.5G 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 3.5G 0 3.5G 0% /sys/fs/cgroup @@ -834,10 +835,10 @@ tmpfs 3.5G 0 3.5G 0% /sys/fs/cgroup tmpfs 697M 0 697M 0% /run/user/1000 Using kernel: Linux version 4.15.0-2077-azure-fips (buildd@lcy02-amd64-106) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #83-Ubuntu SMP Tue Jul 18 19:05:42 UTC 2023 -Install completed successfully on Wed Aug 16 17:54:34 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:10:59 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 18.04 Hyperv generation: V2 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..f317328444a --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "1804gen2gpucontainerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..c53296bc0ca
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0-trivy-report.json
@@ -0,0 +1,2619 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmhf5p9ngf5i", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "18.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmhf5p9ngf5i (ubuntu 18.04)", + "Class": "os-pkgs", + "Type": "ubuntu" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/nvidia/bin/nvidia-device-plugin", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2021-33194", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20201021035429-f5854403a974", + "FixedVersion": "0.0.0-20210520170846-37e1c6afe023", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33194", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "golang: x/net/html: infinite loop in ParseFragment", + "Description": "golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-33194", + "https://github.com/advisories/GHSA-83g2-8m93-v3w7", + "https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7", + "https://go.dev/cl/311090", + "https://go.dev/issue/46288", + "https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7", + "https://groups.google.com/g/golang-announce/c/wPunbCPkWUg", + "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-33194", + "https://pkg.go.dev/vuln/GO-2021-0238", + "https://www.cve.org/CVERecord?id=CVE-2021-33194" + ], + "PublishedDate": "2021-05-26T15:15:00Z", + "LastModifiedDate": "2022-06-03T19:29:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20201021035429-f5854403a974", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20201021035429-f5854403a974", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + 
"https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2021-38561", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.3", + "FixedVersion": "0.3.7", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-38561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "out-of-bounds read in golang.org/x/text/language leads to DoS", + "Description": "golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. 
If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-38561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38561", + "https://deps.dev/advisory/OSV/GO-2021-0113", + "https://github.com/advisories/GHSA-ppp9-7jff-5vj2", + "https://go.dev/cl/340830", + "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f", + "https://groups.google.com/g/golang-announce", + "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", + "https://pkg.go.dev/golang.org/x/text/language", + "https://pkg.go.dev/vuln/GO-2021-0113", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2021-38561" + ], + "PublishedDate": "2022-12-26T06:15:00Z", + "LastModifiedDate": "2023-01-05T04:52:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.3", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 
7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0.txt new file mode 100644 index 00000000000..88948792664 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/202308.22.0.txt 
@@ -0,0 +1,868 @@ +Starting build on Tue Aug 22 16:25:32 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - /var/lib/kubelet/device-plugins + - extracted nvidia-device-plugin... 
+total 19968 +-rwxr-xr-x 1 root root 355344 Aug 22 16:40 nvidia-installer +-rwxr-xr-x 1 root root 38025 Aug 22 16:40 nvidia-bug-report.sh +-rwxr-xr-x 1 root root 900 Aug 22 16:40 nvidia-sleep.sh +-rwxr-xr-x 1 root root 638416 Aug 22 16:40 nvidia-smi +-rwxr-xr-x 1 root root 137904 Aug 22 16:40 nvidia-debugdump +-rwxr-xr-x 1 root root 18664 Aug 22 16:40 nvidia-cuda-mps-server +-rwxr-xr-x 1 root root 54184 Aug 22 16:40 nvidia-cuda-mps-control +-rwxr-xr-x 1 root root 208336 Aug 22 16:40 nvidia-persistenced +-rwxr-xr-x 1 root root 602752 Aug 22 16:40 nvidia-powerd +-rwxr-xr-x 1 root root 207424 Aug 22 16:40 nvidia-xconfig +-rwxr-xr-x 1 root root 306312 Aug 22 16:40 nvidia-settings +-rwxr-xr-x 1 root root 3892304 Aug 22 16:40 nvidia-ngx-updater +lrwxrwxrwx 1 root root 16 Aug 22 16:40 nvidia-uninstall -> nvidia-installer +-rwxr-xr-x 1 root root 13960920 Aug 22 16:56 nvidia-device-plugin + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 
/usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 593 Aug 22 16:25 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:33 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:33 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 
45334640 Aug 22 16:35 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:35 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:38 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:38 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:38 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:41 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... +accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +acl/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +acpid/bionic,now 1:2.0.28-1ubuntu1 amd64 [installed] +adduser/bionic,now 3.116ubuntu1 all [installed,automatic] +apparmor/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +apt/bionic-updates,now 1.6.17 amd64 [installed,automatic] +apt-transport-https/bionic-updates,now 1.6.17 all [installed] +apt-utils/bionic-updates,now 1.6.17 amd64 [installed,automatic] +at/bionic,now 3.1.20-3.1ubuntu2 amd64 [installed] +attr/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +base-files/bionic-updates,now 10.1ubuntu2.11 amd64 [installed,automatic] +base-passwd/bionic,now 3.5.44 amd64 [installed,automatic] +bash/bionic-updates,bionic-security,now 4.4.18-2ubuntu1.3 amd64 [installed] +bash-completion/bionic,now 1:2.8-1ubuntu1 all [installed,automatic] +bc/bionic,now 1.07.1-2 amd64 [installed,automatic] +bcache-tools/bionic-updates,now 1.0.8-2ubuntu0.18.04.1 amd64 [installed] +bind9-host/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +binfmt-support/bionic,now 2.1.8-2 amd64 [installed,automatic] +binutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +binutils-common/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] 
+binutils-x86-64-linux-gnu/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +blobfuse/bionic,now 1.4.5 amd64 [installed] +blobfuse2/bionic,now 2.0.5 amd64 [installed] +bsdmainutils/bionic,now 11.1.2ubuntu1 amd64 [installed,automatic] +bsdutils/bionic-updates,bionic-security,now 1:2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +btrfs-progs/bionic,now 4.15.1-1build1 amd64 [installed,automatic] +btrfs-tools/bionic,now 4.15.1-1build1 amd64 [installed] +build-essential/bionic,now 12.4ubuntu1 amd64 [installed] +busybox-initramfs/bionic-updates,bionic-security,now 1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +busybox-static/bionic-updates,bionic-security,now 1:1.27.2-2ubuntu3.4 amd64 [installed,automatic] +byobu/bionic,now 5.125-0ubuntu1 all [installed] +bzip2/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +ca-certificates/bionic-updates,bionic-security,now 20230311ubuntu0.18.04.1 all [installed] +ceph-common/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed] +cgroup-lite/bionic,now 1.15 all [installed] +chrony/bionic-updates,bionic-security,now 3.2-4ubuntu4.5 amd64 [installed] +cifs-utils/bionic-updates,bionic-security,now 2:6.8-1ubuntu1.2 amd64 [installed] +cloud-guest-utils/bionic,now 0.30-0ubuntu5 all [installed] +cloud-init/bionic-updates,bionic-security,now 23.1.2-0ubuntu0~18.04.1 all [installed] +cloud-initramfs-copymods/bionic-updates,now 0.40ubuntu1.1 all [installed] +cloud-initramfs-dyn-netconf/bionic-updates,now 0.40ubuntu1.1 all [installed] +command-not-found/bionic-updates,now 18.04.6 all [installed,automatic] +command-not-found-data/bionic-updates,now 18.04.6 amd64 [installed,automatic] +conntrack/bionic,now 1:1.4.4+snapshot20161117-6ubuntu2 amd64 [installed] +console-setup/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +console-setup-linux/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +coreutils/bionic,now 8.28-1ubuntu1 amd64 
[installed,automatic] +cpio/bionic-updates,bionic-security,now 2.12+dfsg-6ubuntu0.18.04.4 amd64 [installed,automatic] +cpp/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +cpp-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +cracklib-runtime/bionic,now 2.9.2-5build1 amd64 [installed] +crda/bionic,now 3.18-1build1 amd64 [installed] +cron/bionic-updates,bionic-security,now 3.0pl1-128.1ubuntu1.2 amd64 [installed,automatic] +cryptsetup/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +cryptsetup-bin/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +curl/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed] +dash/bionic,now 0.5.8-2.10 amd64 [installed] +dbus/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +dbus-user-session/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debconf-i18n/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +debianutils/bionic,now 4.8.4 amd64 [installed,automatic] +diffutils/bionic,now 1:3.6-1 amd64 [installed] +dirmngr/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 amd64 [installed,automatic] +distro-info-data/bionic-updates,now 0.37ubuntu0.17 all [installed,automatic] +dkms/bionic-updates,now 2.3-3ubuntu9.7 all [installed] +dmeventd/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dmidecode/bionic-updates,now 3.1-1ubuntu0.1 amd64 [installed,automatic] +dmsetup/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +dns-root-data/bionic,now 2018013001 all [installed,automatic] +dnsmasq-base/bionic-updates,bionic-security,now 2.79-1ubuntu0.7 amd64 [installed,automatic] +dnsutils/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] 
+dosfstools/bionic,now 4.1-1 amd64 [installed,automatic] +dpkg/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 amd64 [installed,automatic] +dpkg-dev/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +e2fsprogs/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +eatmydata/bionic,now 105-6 all [installed] +ebtables/bionic-updates,now 2.0.10.4-3.5ubuntu2.18.04.3 amd64 [installed] +ed/bionic,now 1.10-2.1 amd64 [installed,automatic] +efibootmgr/bionic,now 15-1 amd64 [installed,automatic] +eject/bionic,now 2.1.5+deb1+cvs20081104-13.2 amd64 [installed,automatic] +ethtool/bionic,now 1:4.15-0ubuntu1 amd64 [installed] +fdisk/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +file/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +findutils/bionic,now 4.6.0+git+20170828-2 amd64 [installed] +fonts-ubuntu-console/bionic,now 0.83-2 all [installed] +friendly-recovery/bionic-updates,now 0.2.38ubuntu1.2 all [installed,automatic] +ftp/bionic,now 0.17-34 amd64 [installed,automatic] +fuse/bionic,now 2.9.7-1ubuntu1 amd64 [installed] +g++/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed,automatic] +g++-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gawk/bionic,now 1:4.1.4+dfsg-1build1 amd64 [installed,automatic] +gcc/bionic-updates,bionic-security,now 4:7.4.0-1ubuntu2.3 amd64 [installed] +gcc-7/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-7-base/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +gcc-8-base/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +gdisk/bionic,now 1.0.3-1 amd64 [installed,automatic] +geoip-database/bionic,now 20180315-1 all [installed,automatic] +gettext-base/bionic-updates,bionic-security,now 0.19.8.1-6ubuntu0.3 amd64 [installed,automatic] 
+gir1.2-glib-2.0/bionic,now 1.56.1-1 amd64 [installed,automatic] +git/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 amd64 [installed] +git-man/bionic-updates,bionic-security,now 1:2.17.1-1ubuntu0.18 all [installed,automatic] +glusterfs-client/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +glusterfs-common/now 3.13.2-1ubuntu1+esm1 amd64 [installed,local] +gnupg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed] +gnupg-l10n/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 all [installed,automatic] +gnupg-utils/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-agent/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-client/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpg-wks-server/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgconf/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgsm/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +gpgv/bionic-updates,bionic-security,now 2.2.4-1ubuntu1.6 amd64 [installed,automatic] +grep/bionic-updates,now 3.1-2build1 amd64 [installed] +groff-base/bionic,now 1.22.3-10 amd64 [installed,automatic] +grub-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-efi-amd64-bin/bionic-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/bionic-updates,now 1.187.3~18.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/bionic,now 0.7 amd64 [installed,automatic] +grub-pc/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub-pc-bin/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +grub2-common/bionic-updates,now 2.02-2ubuntu8.26 amd64 [installed,automatic] +gzip/bionic-updates,bionic-security,now 1.6-5ubuntu1.2 amd64 [installed] 
+hdparm/bionic,now 9.54+ds-1 amd64 [installed,automatic] +hostname/bionic,now 3.20 amd64 [installed] +htop/bionic,now 2.1.0-3 amd64 [installed] +iftop/bionic,now 1.0~pre4-4 amd64 [installed] +info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +init/bionic,now 1.51 amd64 [installed] +init-system-helpers/bionic,now 1.51 all [installed] +initramfs-tools/bionic-updates,now 0.130ubuntu3.13 all [installed] +initramfs-tools-bin/bionic-updates,now 0.130ubuntu3.13 amd64 [installed,automatic] +initramfs-tools-core/bionic-updates,now 0.130ubuntu3.13 all [installed,automatic] +inotify-tools/bionic,now 3.14-2 amd64 [installed] +install-info/bionic,now 6.5.0.dfsg.1-2 amd64 [installed,automatic] +iotop/bionic,now 0.6-2 amd64 [installed] +iproute2/bionic-updates,now 4.15.0-2ubuntu1.3 amd64 [installed] +ipset/bionic,now 6.34-1 amd64 [installed] +iptables/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed] +iputils-ping/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +iputils-tracepath/bionic-updates,now 3:20161105-1ubuntu3 amd64 [installed,automatic] +irqbalance/bionic-updates,now 1.3.0-0.1ubuntu0.18.04.1 amd64 [installed,automatic] +isc-dhcp-client/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +isc-dhcp-common/bionic-updates,bionic-security,now 4.3.5-3ubuntu7.4 amd64 [installed,automatic] +iso-codes/bionic,now 3.79-1 all [installed,automatic] +iw/bionic,now 4.14-0.1 amd64 [installed] +jq/bionic,now 1.5+dfsg-2 amd64 [installed] +kbd/bionic,now 2.0.4-2ubuntu1 amd64 [installed,automatic] +keyboard-configuration/bionic-updates,now 1.178ubuntu2.9 all [installed,automatic] +keyutils/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed] +klibc-utils/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +kmod/bionic-updates,now 24-1ubuntu3.5 amd64 [installed] +krb5-locales/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 all [installed,automatic] +landscape-common/bionic-updates,now 18.01-0ubuntu3.6 amd64 
[installed] +language-selector-common/bionic-updates,now 0.188.3 all [installed,automatic] +less/bionic,now 487-0.1 amd64 [installed,automatic] +libaccountsservice0/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] +libacl1/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libacl1-dev/bionic,now 2.2.52-3build1 amd64 [installed,automatic] +libaio1/bionic-updates,now 0.3.110-5ubuntu0.1 amd64 [installed,automatic] +libapparmor1/bionic-updates,bionic-security,now 2.12-4ubuntu5.3 amd64 [installed,automatic] +libapt-inst2.0/bionic-updates,now 1.6.17 amd64 [installed,automatic] +libapt-pkg5.0/bionic-updates,now 1.6.17 amd64 [installed,automatic] +libargon2-0/bionic,now 0~20161029-1.1 amd64 [installed,automatic] +libasan4/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libasn1-8-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libassuan0/bionic,now 2.5.1-2 amd64 [installed,automatic] +libatm1/bionic,now 1:2.5.1-2build1 amd64 [installed,automatic] +libatomic1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libattr1/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libattr1-dev/bionic,now 1:2.4.47-2build1 amd64 [installed,automatic] +libaudit-common/bionic-updates,now 1:2.8.2-1ubuntu1.1 all [installed,automatic] +libaudit1/bionic-updates,now 1:2.8.2-1ubuntu1.1 amd64 [installed,automatic] +libavahi-client3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common-data/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libavahi-common3/now 0.7-3.1ubuntu1.3+esm1 amd64 [installed,local] +libbabeltrace1/bionic,now 1.5.5-1 amd64 [installed,automatic] +libbind9-160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libbinutils/bionic-updates,bionic-security,now 2.30-21ubuntu1~18.04.9 amd64 [installed,automatic] +libblkid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] 
+libbsd0/bionic-updates,bionic-security,now 0.8.7-1ubuntu0.1 amd64 [installed,automatic] +libbz2-1.0/bionic-updates,bionic-security,now 1.0.6-8.1ubuntu0.2 amd64 [installed,automatic] +libc-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc-dev-bin/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libc6-dev/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +libcap-ng0/bionic,now 0.7.7-3.1 amd64 [installed,automatic] +libcap2/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libcap2-bin/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libcc1-0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libcephfs2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +libcilkrts5/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libcom-err2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libcrack2/bionic,now 2.9.2-5build1 amd64 [installed,automatic] +libcryptsetup12/bionic-updates,now 2:2.0.2-1ubuntu1.2 amd64 [installed,automatic] +libcups2/now 2.2.7-1ubuntu2.10+esm1 amd64 [installed,local] +libcurl3-gnutls/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libcurl4/bionic-updates,bionic-security,now 7.58.0-2ubuntu3.24 amd64 [installed,automatic] +libdb5.3/bionic-updates,bionic-security,now 5.3.28-13.1ubuntu1.1 amd64 [installed,automatic] +libdbus-1-3/bionic-updates,bionic-security,now 1.12.2-1ubuntu1.4 amd64 [installed,automatic] +libdebconfclient0/bionic,now 0.213ubuntu1 amd64 [installed,automatic] +libdevmapper-event1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdevmapper1.02.1/bionic-updates,now 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +libdns-export1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] 
+libdns1100/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libdpkg-perl/bionic-updates,bionic-security,now 1.19.0.5ubuntu2.4 all [installed,automatic] +libdrm-common/bionic-updates,now 2.4.101-2~18.04.1 all [installed,automatic] +libdrm2/bionic-updates,now 2.4.101-2~18.04.1 amd64 [installed,automatic] +libdumbnet1/bionic,now 1.12-7build1 amd64 [installed] +libdw1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed] +libeatmydata1/bionic,now 105-6 amd64 [installed] +libedit2/bionic,now 3.1-20170329-1 amd64 [installed,automatic] +libefiboot1/bionic,now 34-1 amd64 [installed,automatic] +libefivar1/bionic,now 34-1 amd64 [installed,automatic] +libelf1/bionic-updates,bionic-security,now 0.170-0.4ubuntu0.1 amd64 [installed,automatic] +liberror-perl/bionic,now 0.17025-1 all [installed,automatic] +libestr0/bionic,now 0.1.10-2.1 amd64 [installed,automatic] +libevent-2.1-6/bionic,now 2.1.8-stable-4build1 amd64 [installed,automatic] +libexpat1/bionic-updates,bionic-security,now 2.2.5-3ubuntu0.9 amd64 [installed,automatic] +libext2fs2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libfastjson4/bionic,now 0.99.8-2 amd64 [installed,automatic] +libfdisk1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libffi6/bionic,now 3.2.1-8 amd64 [installed,automatic] +libfreetype6/bionic-updates,bionic-security,now 2.8.1-2ubuntu2.2 amd64 [installed,automatic] +libfribidi0/bionic-updates,bionic-security,now 0.19.7-2ubuntu0.1 amd64 [installed,automatic] +libfuse2/bionic,now 2.9.7-1ubuntu1 amd64 [installed,automatic] +libgcc-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libgcc1/bionic-updates,bionic-security,now 1:8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgcrypt20/bionic-updates,bionic-security,now 1.8.1-4ubuntu1.3 amd64 [installed,automatic] +libgdbm-compat4/bionic,now 1.14.1-6 amd64 [installed,automatic] +libgdbm5/bionic,now 1.14.1-6 
amd64 [installed,automatic] +libgeoip1/bionic,now 1.6.12-1 amd64 [installed,automatic] +libgirepository-1.0-1/bionic,now 1.56.1-1 amd64 [installed,automatic] +libglib2.0-0/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 amd64 [installed,automatic] +libglib2.0-data/bionic-updates,bionic-security,now 2.56.4-0ubuntu0.18.04.9 all [installed,automatic] +libgmp10/bionic-updates,bionic-security,now 2:6.1.2+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libgnutls30/bionic-updates,bionic-security,now 3.5.18-1ubuntu1.6 amd64 [installed,automatic] +libgomp1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libgoogle-perftools4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libgpg-error0/bionic,now 1.27-6 amd64 [installed,automatic] +libgpm2/bionic,now 1.20.7-5 amd64 [installed,automatic] +libgssapi-krb5-2/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libgssapi3-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhcrypto4-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimbase1-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libheimntlm0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libhogweed4/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libhx509-5-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libibverbs1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libicu60/bionic-updates,bionic-security,now 60.2-3ubuntu3.2 amd64 [installed,automatic] +libidn11/bionic-updates,now 1.33-2.1ubuntu1.2 amd64 [installed,automatic] +libidn2-0/bionic-updates,bionic-security,now 2.0.4-1.1ubuntu0.2 amd64 [installed,automatic] +libinotifytools0/bionic,now 3.14-2 amd64 [installed,automatic] +libip4tc0/bionic-updates,now 
1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libip6tc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libipset3/bionic,now 6.34-1 amd64 [installed,automatic] +libiptc0/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libirs160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc-export169/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisc169/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccc160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisccfg160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +libisl19/bionic,now 0.19-1 amd64 [installed,automatic] +libisns0/bionic,now 0.97-2build1 amd64 [installed,automatic] +libitm1/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libjansson4/bionic,now 2.11-1 amd64 [installed] +libjq1/bionic,now 1.5+dfsg-2 amd64 [installed,automatic] +libjson-c3/bionic-updates,bionic-security,now 0.12.1-1.3ubuntu0.3 amd64 [installed,automatic] +libk5crypto3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkeyutils1/bionic-updates,now 1.5.9-9.2ubuntu2.1 amd64 [installed,automatic] +libklibc/bionic-updates,now 2.0.4-9ubuntu2.2 amd64 [installed,automatic] +libkmod2/bionic-updates,now 24-1ubuntu3.5 amd64 [installed,automatic] +libkrb5-26-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libkrb5-3/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libkrb5support0/bionic-updates,bionic-security,now 1.16-2ubuntu0.4 amd64 [installed,automatic] +libksba8/bionic-updates,bionic-security,now 1.3.5-2ubuntu0.18.04.2 amd64 [installed,automatic] +libldap-2.4-2/now 2.4.45+dfsg-1ubuntu1.11+esm1 amd64 [installed,local] +libldap-common/now 2.4.45+dfsg-1ubuntu1.11+esm1 all [installed,local] +libldb1/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +liblocale-gettext-perl/bionic,now 
1.07-3build2 amd64 [installed,automatic] +liblsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +liblvm2app2.2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblvm2cmd2.02/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed,automatic] +liblwres160/now 1:9.11.3+dfsg-1ubuntu1.19+esm1 amd64 [installed,local] +liblxc-common/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblxc1/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +liblz4-1/bionic-updates,bionic-security,now 0.0~r131-2ubuntu3.1 amd64 [installed,automatic] +liblzma5/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed,automatic] +liblzo2-2/bionic,now 2.08-1.2 amd64 [installed,automatic] +libmagic-mgc/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmagic1/bionic-updates,bionic-security,now 1:5.32-2ubuntu0.4 amd64 [installed,automatic] +libmnl0/bionic,now 1.0.4-2 amd64 [installed,automatic] +libmount1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libmpc3/bionic,now 1.1.0-1 amd64 [installed,automatic] +libmpdec2/bionic,now 2.4.2-1ubuntu1 amd64 [installed,automatic] +libmpfr6/bionic,now 4.0.1-1 amd64 [installed,automatic] +libmpx2/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libncurses5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libncursesw5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libnetfilter-conntrack3/bionic,now 1.0.6-2 amd64 [installed,automatic] +libnetplan0/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +libnettle6/bionic-updates,bionic-security,now 3.4.1-0ubuntu0.18.04.1 amd64 [installed,automatic] +libnewt0.52/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +libnfnetlink0/bionic,now 1.0.1-3 amd64 [installed,automatic] 
+libnfsidmap2/bionic,now 0.25-5.1 amd64 [installed,automatic] +libnftnl7/bionic,now 1.0.9-2 amd64 [installed,automatic] +libnghttp2-14/now 1.30.0-1ubuntu1+esm1 amd64 [installed,local] +libnih1/bionic,now 1.0.3-6ubuntu2 amd64 [installed,automatic] +libnl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] +libnl-genl-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed] +libnl-route-3-200/bionic,now 3.2.29-0ubuntu3 amd64 [installed,automatic] +libnpth0/bionic,now 1.5-3 amd64 [installed,automatic] +libnspr4/bionic,now 2:4.18-1ubuntu1 amd64 [installed,automatic] +libnss-systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libnss3/bionic-updates,bionic-security,now 2:3.35-2ubuntu2.16 amd64 [installed,automatic] +libntfs-3g88/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +libnuma1/bionic-updates,now 2.0.11-2.1ubuntu0.1 amd64 [installed,automatic] +libnvidia-container-tools/now 1.13.1-1 amd64 [installed,local] +libnvidia-container1/now 1.13.1-1 amd64 [installed,local] +libonig4/now 6.7.0-1ubuntu0.1~esm2 amd64 [installed,local] +libp11-kit0/bionic-updates,bionic-security,now 0.23.9-2ubuntu0.1 amd64 [installed,automatic] +libpam-cap/now 1:2.25-1.2ubuntu0.1~esm1 amd64 [installed,local] +libpam-modules/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-modules-bin/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libpam-pwquality/bionic,now 1.4.0-2 amd64 [installed] +libpam-runtime/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 all [installed,automatic] +libpam-systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libpam0g/bionic-updates,bionic-security,now 1.1.8-3.6ubuntu2.18.04.6 amd64 [installed,automatic] +libparted2/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +libpcap0.8/bionic-updates,now 1.8.1-6ubuntu1.18.04.2 amd64 [installed,automatic] 
+libpci3/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +libpcre3/bionic-updates,bionic-security,now 2:8.39-9ubuntu0.1 amd64 [installed,automatic] +libperl5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +libpipeline1/bionic,now 1.5.0-1 amd64 [installed,automatic] +libplymouth4/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +libpng16-16/bionic-updates,bionic-security,now 1.6.34-1ubuntu0.18.04.2 amd64 [installed,automatic] +libpolkit-agent-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpolkit-backend-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpolkit-gobject-1-0/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +libpopt0/bionic,now 1.16-11 amd64 [installed,automatic] +libprocps6/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +libpsl5/bionic,now 0.19.1-5build1 amd64 [installed,automatic] +libpwquality-common/bionic,now 1.4.0-2 all [installed,automatic] +libpwquality-tools/bionic,now 1.4.0-2 amd64 [installed] +libpwquality1/bionic,now 1.4.0-2 amd64 [installed,automatic] +libpython-stdlib/bionic,now 2.7.15~rc1-1 amd64 [installed] +libpython2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython2.7-stdlib/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3-stdlib/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +libpython3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libpython3.6-stdlib/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +libquadmath0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +librados2/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] 
+libradosstriper1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librbd1/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +librdmacm1/bionic-updates,now 17.1-1ubuntu0.2 amd64 [installed,automatic] +libreadline5/bionic,now 5.2+dfsg-3build1 amd64 [installed,automatic] +libreadline7/bionic,now 7.0-3 amd64 [installed,automatic] +libroken18-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +librtmp1/bionic,now 2.4+20151223.gitfa8646d.1-1 amd64 [installed,automatic] +libsasl2-2/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libsasl2-modules/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libsasl2-modules-db/bionic-updates,bionic-security,now 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 [installed,automatic] +libseccomp2/bionic-updates,bionic-security,now 2.5.1-1ubuntu1~18.04.2 amd64 [installed,automatic] +libselinux1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsemanage-common/bionic,now 2.7-2build2 all [installed,automatic] +libsemanage1/bionic,now 2.7-2build2 amd64 [installed,automatic] +libsensors4/bionic-updates,now 1:3.4.0-4ubuntu0.1 amd64 [installed,automatic] +libsepol1/bionic-updates,bionic-security,now 2.7-1ubuntu0.1 amd64 [installed,automatic] +libsigsegv2/bionic,now 2.12-1 amd64 [installed,automatic] +libslang2/bionic,now 2.3.1a-3ubuntu1 amd64 [installed,automatic] +libsmartcols1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libsnappy1v5/bionic,now 1.1.7-1 amd64 [installed,automatic] +libsqlite3-0/bionic-updates,bionic-security,now 3.22.0-1ubuntu0.7 amd64 [installed,automatic] +libss2/bionic-updates,bionic-security,now 1.44.1-1ubuntu1.4 amd64 [installed,automatic] +libssl1.0.0/bionic-updates,bionic-security,now 1.0.2n-1ubuntu5.13 amd64 [installed,automatic] +libssl1.1/now 
1.1.1-1ubuntu2.1~18.04.23+esm1 amd64 [installed,local] +libstdc++-7-dev/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libstdc++6/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libsysfs2/bionic,bionic-updates,now 2.1.0+repack-4build1 amd64 [installed,automatic] +libsystemd0/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libtalloc2/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +libtasn1-6/bionic,now 4.13-2 amd64 [installed,automatic] +libtcmalloc-minimal4/bionic,now 2.5-2.2ubuntu3 amd64 [installed,automatic] +libtdb1/bionic,now 1.3.15-2 amd64 [installed] +libtevent0/bionic,now 0.9.34-1 amd64 [installed] +libtext-charwidth-perl/bionic,now 0.04-7.1 amd64 [installed,automatic] +libtext-iconv-perl/bionic,now 1.7-5build6 amd64 [installed,automatic] +libtext-wrapi18n-perl/bionic,now 0.06-7.1 all [installed,automatic] +libtinfo5/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed,automatic] +libtirpc1/bionic-updates,bionic-security,now 0.2.5-1.2ubuntu0.1 amd64 [installed,automatic] +libtsan0/bionic-updates,bionic-security,now 8.4.0-1ubuntu1~18.04 amd64 [installed,automatic] +libubsan0/bionic-updates,bionic-security,now 7.5.0-3ubuntu1~18.04 amd64 [installed,automatic] +libudev1/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +libunistring2/bionic-updates,now 0.9.9-0ubuntu2 amd64 [installed,automatic] +libunwind8/bionic-updates,now 1.2.1-8ubuntu0.1 amd64 [installed,automatic] +liburcu6/bionic-updates,now 0.10.1-1ubuntu1 amd64 [installed,automatic] +libusb-1.0-0/bionic,now 2:1.0.21-2 amd64 [installed,automatic] +libutempter0/bionic,now 1.1.6-3 amd64 [installed,automatic] +libuuid1/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +libuv1/bionic,now 1.18.0-3 amd64 [installed,automatic] +libwbclient0/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] 
+libwind0-heimdal/bionic-updates,bionic-security,now 7.5.0+dfsg-1ubuntu0.4 amd64 [installed,automatic] +libwrap0/bionic,now 7.6.q-27 amd64 [installed] +libx11-6/now 2:1.6.4-3ubuntu0.4+esm1 amd64 [installed,local] +libx11-data/now 2:1.6.4-3ubuntu0.4+esm1 all [installed,local] +libxau6/bionic-updates,now 1:1.0.8-1ubuntu1 amd64 [installed,automatic] +libxcb1/bionic-updates,now 1.13-2~ubuntu18.04 amd64 [installed,automatic] +libxdmcp6/bionic,now 1:1.1.2-3 amd64 [installed,automatic] +libxext6/bionic,now 2:1.3.3-1 amd64 [installed,automatic] +libxml2/bionic-updates,bionic-security,now 2.9.4+dfsg1-6.1ubuntu1.9 amd64 [installed,automatic] +libxmuu1/bionic,now 2:1.1.2-2 amd64 [installed,automatic] +libxtables12/bionic-updates,now 1.6.1-2ubuntu2.1 amd64 [installed,automatic] +libyaml-0-2/bionic,now 0.1.7-2ubuntu3 amd64 [installed,automatic] +libzstd1/bionic-updates,bionic-security,now 1.3.3+dfsg-2ubuntu1.2 amd64 [installed,automatic] +linux-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-azure-5.4-cloud-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-cloud-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-azure-5.4-headers-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 all [installed] +linux-azure-5.4-headers-5.4.0-1112/now 5.4.0-1112.118~18.04.1 all [installed,local] +linux-azure-5.4-tools-5.4.0-1109/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-azure-5.4-tools-5.4.0-1112/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-base/bionic-updates,now 4.5ubuntu1.7 all [installed,automatic] +linux-base-sgx/bionic-updates,now 4.5ubuntu1.7 all [installed] +linux-cloud-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-cloud-tools-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-cloud-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] 
+linux-cloud-tools-common/now 4.15.0-214.225 all [installed,local] +linux-headers-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-headers-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-image-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-image-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-libc-dev/now 4.15.0-214.225 amd64 [installed,local] +linux-modules-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-modules-extra-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-tools-5.4.0-1109-azure/bionic-updates,bionic-security,now 5.4.0-1109.115~18.04.1 amd64 [installed] +linux-tools-5.4.0-1112-azure/now 5.4.0-1112.118~18.04.1 amd64 [installed,local] +linux-tools-azure/now 5.4.0.1112.85 amd64 [installed,local] +linux-tools-common/now 4.15.0-214.225 all [installed,local] +locales/bionic-updates,now 2.27-3ubuntu1.6 all [installed,automatic] +login/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed] +logrotate/bionic,now 3.11.0-0.1ubuntu1 amd64 [installed,automatic] +lsb-base/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lsb-release/bionic,now 9.20170808ubuntu1 all [installed,automatic] +lshw/bionic-updates,now 02.18-0.1ubuntu6.18.04.2 amd64 [installed,automatic] +lsof/bionic,now 4.89+dfsg-0.1 amd64 [installed,automatic] +lsscsi/bionic,now 0.28-0.1 amd64 [installed] +ltrace/bionic,now 0.7.3-6ubuntu1 amd64 [installed,automatic] +lvm2/bionic-updates,now 2.02.176-4.1ubuntu3.18.04.3 amd64 [installed] +lxcfs/bionic-updates,now 3.0.3-0ubuntu1~18.04.3 amd64 [installed,automatic] +lxd/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed] +lxd-client/bionic-updates,now 3.0.3-0ubuntu1~18.04.2 amd64 [installed,automatic] +make/bionic,now 4.1-9.1ubuntu1 amd64 [installed] +man-db/bionic-updates,now 2.8.3-2ubuntu0.1 amd64 [installed,automatic] +manpages/bionic,now 4.15-1 all [installed,automatic] +mawk/bionic,now 1.3.3-17ubuntu3 amd64 
[installed,automatic] +mdadm/bionic-updates,now 4.1~rc1-3~ubuntu18.04.4 amd64 [installed] +mime-support/bionic,now 3.60ubuntu1 all [installed,automatic] +mlocate/bionic,now 0.26-2ubuntu3.1 amd64 [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu18.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu18.04u1] +moby-runc/testing,bionic,now 1.1.7+azure-ubuntu18.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu18.04u1] +mokutil/bionic-updates,now 0.6.0-2~18.04.1 amd64 [installed] +motd-news-config/bionic-updates,now 10.1ubuntu2.11 all [installed] +mount/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] +mtr-tiny/bionic,now 0.92-1 amd64 [installed,automatic] +multiarch-support/bionic-updates,now 2.27-3ubuntu1.6 amd64 [installed,automatic] +nano/bionic,now 2.9.3-2 amd64 [installed,automatic] +ncurses-base/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +ncurses-bin/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 amd64 [installed] +ncurses-term/bionic-updates,bionic-security,now 6.1-1ubuntu1.18.04.1 all [installed] +net-tools/bionic,now 1.60+git20161116.90da8a0-1ubuntu1 amd64 [installed] +netbase/bionic,now 5.4 all [installed,automatic] +netcat/bionic,now 1.10-41.1 all [installed] +netcat-openbsd/bionic-updates,now 1.187-1ubuntu0.1 amd64 [installed,automatic] +netcat-traditional/bionic,now 1.10-41.1 amd64 [installed,automatic] +netplan.io/bionic-updates,now 0.99-0ubuntu3~18.04.5 amd64 [installed,automatic] +networkd-dispatcher/bionic-updates,bionic-security,now 1.7-0ubuntu3.5 all [installed,automatic] +nfs-common/bionic-updates,now 1:1.3.4-2.1ubuntu5.5 amd64 [installed] +nftables/bionic,now 0.8.2-1 amd64 [installed] +nplan/bionic-updates,now 0.99-0ubuntu3~18.04.5 all [installed,automatic] +ntfs-3g/bionic-updates,bionic-security,now 1:2017.3.23-2ubuntu0.18.04.5 amd64 [installed,automatic] +nvidia-container-runtime/now 3.13.0-1 all [installed,local] +nvidia-container-toolkit/now 1.13.1-1 amd64 
[installed,local] +nvidia-container-toolkit-base/now 1.13.1-1 amd64 [installed,local] +open-iscsi/now 2.0.874-5ubuntu2.11+esm1 amd64 [installed,local] +openssh-client/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssh-server/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssh-sftp-server/now 1:7.6p1-4ubuntu0.7+esm2 amd64 [installed,local] +openssl/now 1.1.1-1ubuntu2.1~18.04.23+esm1 amd64 [installed,local] +os-prober/bionic,now 1.74ubuntu1 amd64 [installed,automatic] +overlayroot/bionic-updates,now 0.40ubuntu1.1 all [installed] +packages-microsoft-prod/bionic,now 1.0-ubuntu18.04.2 all [installed] +parted/bionic-updates,now 3.2-20ubuntu0.2 amd64 [installed,automatic] +passwd/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +pastebinit/bionic,now 1.5-2 all [installed,automatic] +patch/bionic-updates,bionic-security,now 2.7.6-2ubuntu1.1 amd64 [installed] +pciutils/bionic-updates,now 1:3.5.2-1ubuntu1.1 amd64 [installed,automatic] +perl/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-base/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 amd64 [installed,automatic] +perl-modules-5.26/bionic-updates,bionic-security,now 5.26.1-6ubuntu0.7 all [installed,automatic] +pigz/bionic,now 2.4-1 amd64 [installed] +pinentry-curses/bionic,now 1.1.0-1 amd64 [installed,automatic] +plymouth/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/bionic-updates,now 0.9.3-1ubuntu7.18.04.2 amd64 [installed,automatic] +policykit-1/bionic-updates,bionic-security,now 0.105-20ubuntu0.18.04.6 amd64 [installed,automatic] +pollinate/bionic-updates,now 4.33-0ubuntu1~18.04.2 all [installed] +popularity-contest/bionic,now 1.66ubuntu1 all [installed,automatic] +powermgmt-base/bionic,now 1.33 all [installed,automatic] +procps/bionic-updates,now 2:3.3.12-3ubuntu1.2 amd64 [installed,automatic] +psmisc/bionic-updates,now 23.1-1ubuntu0.1 amd64 [installed,automatic] 
+publicsuffix/bionic,now 20180223.1310-1 all [installed,automatic] +python/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-apt-common/bionic-updates,now 1.6.6 all [installed,automatic] +python-cephfs/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python-crypto/bionic,now 2.6.1-8ubuntu2 amd64 [installed] +python-idna/bionic,now 2.6-1 all [installed,automatic] +python-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed,automatic] +python-ldb/bionic-updates,bionic-security,now 2:1.2.3-1ubuntu0.2 amd64 [installed] +python-minimal/bionic,now 2.7.15~rc1-1 amd64 [installed] +python-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all [installed,automatic] +python-prettytable/bionic,now 0.7.2-3 all [installed,automatic] +python-rados/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-rbd/bionic-updates,bionic-security,now 12.2.13-0ubuntu0.18.04.11 amd64 [installed,automatic] +python-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python-samba/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +python-six/bionic,now 1.11.0-2 all [installed] +python-talloc/bionic,now 2.1.10-2ubuntu1 amd64 [installed] +python-tdb/bionic,now 1.3.15-2 amd64 [installed] +python-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] +python2.7/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python2.7-minimal/now 2.7.17-1~18.04ubuntu1.13 amd64 [installed,local] +python3/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-apport/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-apt/bionic-updates,now 1.6.6 amd64 [installed,automatic] 
+python3-asn1crypto/bionic,now 0.24.0-1 all [installed,automatic] +python3-attr/bionic,now 17.4.0-2 all [installed,automatic] +python3-automat/bionic,now 0.6.0-1 all [installed,automatic] +python3-blinker/bionic,now 1.4+dfsg1-0.1 all [installed] +python3-certifi/bionic,now 2018.1.18-2 all [installed,automatic] +python3-cffi-backend/bionic,now 1.11.5-1 amd64 [installed,automatic] +python3-chardet/bionic,now 3.0.4-1 all [installed,automatic] +python3-click/bionic,now 6.7-3 all [installed,automatic] +python3-colorama/bionic,now 0.3.7-1 all [installed,automatic] +python3-commandnotfound/bionic-updates,now 18.04.6 all [installed,automatic] +python3-configobj/bionic,now 5.0.6-2 all [installed,automatic] +python3-constantly/bionic,now 15.1.0-1 all [installed,automatic] +python3-cryptography/bionic-updates,bionic-security,now 2.1.4-1ubuntu1.4 amd64 [installed,automatic] +python3-dbus/bionic,now 1.2.6-1 amd64 [installed,automatic] +python3-debconf/bionic-updates,now 1.5.66ubuntu1 all [installed,automatic] +python3-debian/bionic,now 0.1.32 all [installed,automatic] +python3-distro-info/bionic-updates,bionic-security,now 0.18ubuntu0.18.04.1 all [installed,automatic] +python3-distupgrade/bionic-updates,now 1:18.04.45 all [installed,automatic] +python3-distutils/bionic-updates,now 3.6.9-1~18.04 all [installed] +python3-gdbm/bionic-updates,now 3.6.9-1~18.04 amd64 [installed,automatic] +python3-gi/bionic-updates,now 3.26.1-2ubuntu1 amd64 [installed,automatic] +python3-httplib2/bionic-updates,now 0.9.2+dfsg-1ubuntu0.3 all [installed,automatic] +python3-hyperlink/bionic,now 17.3.1-2 all [installed,automatic] +python3-idna/bionic,now 2.6-1 all [installed,automatic] +python3-incremental/bionic,now 16.10.1-3 all [installed,automatic] +python3-jinja2/bionic-updates,bionic-security,now 2.10-1ubuntu0.18.04.1 all [installed] +python3-json-pointer/bionic,now 1.10-1 all [installed] +python3-jsonpatch/bionic,now 1.19+really1.16-1fakesync1 all [installed] +python3-jsonschema/bionic,now 
2.6.0-2 all [installed] +python3-jwt/bionic-updates,bionic-security,now 1.5.3+ds1-1ubuntu0.1 all [installed] +python3-lib2to3/bionic-updates,now 3.6.9-1~18.04 all [installed,automatic] +python3-markupsafe/bionic,now 1.0-1build1 amd64 [installed] +python3-minimal/bionic-updates,now 3.6.7-1~18.04 amd64 [installed,automatic] +python3-netifaces/bionic,now 0.10.4-0.1build4 amd64 [installed,automatic] +python3-newt/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +python3-oauthlib/bionic,now 2.0.6-1 all [installed] +python3-openssl/bionic,now 17.5.0-1ubuntu1 all [installed,automatic] +python3-pam/bionic,now 0.4.2-13.2ubuntu4 amd64 [installed,automatic] +python3-parted/bionic,now 3.11.1-1ubuntu2 amd64 [installed] +python3-pexpect/bionic,now 4.2.1-1 all [installed,automatic] +python3-pkg-resources/bionic-updates,bionic-security,now 39.0.1-2ubuntu0.1 all [installed,automatic] +python3-problem-report/bionic-updates,bionic-security,now 2.20.9-0ubuntu7.29 all [installed,automatic] +python3-ptyprocess/bionic,now 0.5.2-1 all [installed,automatic] +python3-pyasn1/bionic,now 0.4.2-3 all [installed,automatic] +python3-pyasn1-modules/bionic,now 0.2.1-0.2 all [installed,automatic] +python3-requests/now 2.18.4-2ubuntu0.1+esm1 all [installed,local] +python3-requests-unixsocket/bionic,now 0.1.5-3 all [installed,automatic] +python3-serial/bionic,now 3.4-2 all [installed,automatic] +python3-service-identity/bionic,now 16.0.0-2 all [installed,automatic] +python3-six/bionic,now 1.11.0-2 all [installed,automatic] +python3-software-properties/bionic-updates,now 0.96.24.32.22 all [installed,automatic] +python3-twisted/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 all [installed,automatic] +python3-twisted-bin/bionic-updates,bionic-security,now 17.9.0-2ubuntu0.3 amd64 [installed,automatic] +python3-update-manager/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +python3-urllib3/bionic-updates,bionic-security,now 1.22-1ubuntu0.18.04.2 all [installed,automatic] 
+python3-yaml/bionic,now 3.12-1build2 amd64 [installed,automatic] +python3-zope.interface/bionic,now 4.3.2-1build2 amd64 [installed,automatic] +python3.6/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +python3.6-minimal/now 3.6.9-1~18.04ubuntu1.13 amd64 [installed,local] +readline-common/bionic,now 7.0-3 all [installed,automatic] +rng-tools/bionic,now 5-0ubuntu4 amd64 [installed] +rpcbind/bionic-updates,bionic-security,now 0.2.3-0.6ubuntu0.18.04.4 amd64 [installed,automatic] +rsync/bionic-updates,bionic-security,now 3.1.2-2.1ubuntu1.6 amd64 [installed,automatic] +rsyslog/bionic-updates,bionic-security,now 8.32.0-1ubuntu4.2 amd64 [installed,automatic] +run-one/bionic,now 1.17-0ubuntu1 all [installed,automatic] +samba-common/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 all [installed] +samba-common-bin/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +samba-libs/bionic-updates,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.29 amd64 [installed] +sbsigntool/bionic-updates,now 0.9.2-2ubuntu1~18.04.2 amd64 [installed] +screen/now 4.6.2-1ubuntu1.1+esm1 amd64 [installed,local] +secureboot-db/bionic-updates,now 1.4~ubuntu0.18.04.1 amd64 [installed] +sed/bionic,now 4.4-2 amd64 [installed,automatic] +sensible-utils/bionic,now 0.0.12 all [installed,automatic] +shared-mime-info/bionic,now 1.9-2 amd64 [installed,automatic] +shim-signed/bionic-updates,now 1.37~18.04.13+15.7-0ubuntu1 amd64 [installed] +socat/bionic,now 1.7.3.2-2ubuntu2 amd64 [installed] +software-properties-common/bionic-updates,now 0.96.24.32.22 all [installed] +sosreport/bionic-updates,now 4.4-1ubuntu0.18.04.1 amd64 [installed] +squashfs-tools/bionic-updates,bionic-security,now 1:4.3-6ubuntu0.18.04.4 amd64 [installed,automatic] +ssh-import-id/bionic-updates,now 5.7-0ubuntu1.1 all [installed] +strace/bionic,now 4.21-1ubuntu1 amd64 [installed,automatic] +sudo/bionic-updates,bionic-security,now 1.8.21p2-3ubuntu1.6 amd64 [installed,automatic] +sysfsutils/bionic,bionic-updates,now 
2.1.0+repack-4build1 amd64 [installed] +sysstat/now 11.6.1-1ubuntu0.2+esm1 amd64 [installed,local] +systemd/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +systemd-sysv/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +sysvinit-utils/bionic,now 2.88dsf-59.10ubuntu1 amd64 [installed] +tar/bionic-updates,bionic-security,now 1.29b-2ubuntu0.4 amd64 [installed,automatic] +tcpdump/bionic-updates,now 4.9.3-0ubuntu0.18.04.3 amd64 [installed,automatic] +telnet/bionic,now 0.17-41 amd64 [installed,automatic] +time/bionic,now 1.7-25.1build1 amd64 [installed,automatic] +tmux/bionic-updates,bionic-security,now 2.6-3ubuntu0.3 amd64 [installed] +traceroute/bionic,now 1:2.1.0-2 amd64 [installed] +tzdata/bionic-updates,bionic-security,now 2023c-0ubuntu0.18.04 all [installed,automatic] +ubuntu-advantage-tools/bionic-updates,now 28.1~18.04 amd64 [installed,automatic] +ubuntu-keyring/bionic-updates,now 2018.09.18.1~18.04.2 all [installed,automatic] +ubuntu-minimal/bionic-updates,now 1.417.5 amd64 [installed] +ubuntu-release-upgrader-core/bionic-updates,now 1:18.04.45 all [installed,automatic] +ubuntu-standard/bionic-updates,now 1.417.5 amd64 [installed] +ucf/bionic,now 3.0038 all [installed,automatic] +udev/bionic-updates,bionic-security,now 237-3ubuntu10.57 amd64 [installed,automatic] +ufw/bionic-updates,now 0.36-0ubuntu0.18.04.2 all [installed,automatic] +uidmap/bionic-updates,bionic-security,now 1:4.5-1ubuntu2.5 amd64 [installed,automatic] +unattended-upgrades/bionic-updates,now 1.1ubuntu1.18.04.14 all [installed,automatic] +update-manager-core/bionic-updates,now 1:18.04.11.13 all [installed,automatic] +update-notifier-common/bionic-updates,now 3.192.1.19 all [installed] +ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] +usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] +util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] 
+uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] +wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] +whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] +wireless-regdb/bionic-updates,bionic-security,now 2022.06.06-0ubuntu1~18.04.1 all [installed] +xauth/bionic,now 1:1.0.10-1 amd64 [installed,automatic] +xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] +xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] +xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] +xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] +zip/bionic,now 3.0-11build1 amd64 [installed] +zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +udev 56G 0 56G 0% /dev +tmpfs 12G 664K 12G 1% /run +/dev/sda1 29G 24G 5.9G 80% / +tmpfs 56G 0 56G 0% /dev/shm +tmpfs 5.0M 0 5.0M 0% /run/lock +tmpfs 56G 0 56G 0% /sys/fs/cgroup +/dev/sda15 105M 5.3M 100M 5% /boot/efi +/dev/sdb1 724G 32K 687G 1% /mnt +tmpfs 12G 0 12G 0% /run/user/1000 +Using kernel: +Linux version 5.4.0-1112-azure (buildd@bos03-amd64-017) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #118~18.04.1-Ubuntu SMP Wed Jul 12 15:44:44 UTC 2023 +Install completed successfully on Tue Aug 22 17:02:09 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 
2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 18.04 +Hyperv generation: V2 +Feature flags: fullgpudaemon +Container runtime: containerd +FIPS enabled: +=== os-release Begin +NAME="Ubuntu" +VERSION="18.04.6 LTS (Bionic Beaver)" +ID=ubuntu +ID_LIKE=debian +PRETTY_NAME="Ubuntu 18.04.6 LTS" +VERSION_ID="18.04" +HOME_URL="https://www.ubuntu.com/" +SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +VERSION_CODENAME=bionic +UBUNTU_CODENAME=bionic +=== os-release End diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-image-list.json index 241cd507486..f317328444a 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "1804gen2gpucontainerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ 
@@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ @@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ 
@@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ @@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-trivy-images-table.txt index 46520a27395..4cc91fdb5fb 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-trivy-report.json index 4741eb6a67a..c53296bc0ca 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvm4ak08clj5d", + "ArtifactName": "pkrvmhf5p9ngf5i", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvm4ak08clj5d (ubuntu 18.04)", + "Target": "pkrvmhf5p9ngf5i (ubuntu 18.04)", "Class": "os-pkgs", "Type": "ubuntu" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest.txt index cf91980216a..88948792664 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/1804gpucontainerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:54 UTC 2023 +Starting build on Tue Aug 22 16:25:32 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -96,20 +97,20 @@ containerd images pre-pulled: - /var/lib/kubelet/device-plugins - extracted nvidia-device-plugin... total 19968 --rwxr-xr-x 1 root root 900 Aug 16 17:23 nvidia-sleep.sh --rwxr-xr-x 1 root root 355344 Aug 16 17:23 nvidia-installer --rwxr-xr-x 1 root root 38025 Aug 16 17:23 nvidia-bug-report.sh --rwxr-xr-x 1 root root 638416 Aug 16 17:23 nvidia-smi --rwxr-xr-x 1 root root 137904 Aug 16 17:23 nvidia-debugdump --rwxr-xr-x 1 root root 18664 Aug 16 17:23 nvidia-cuda-mps-server --rwxr-xr-x 1 root root 54184 Aug 16 17:23 nvidia-cuda-mps-control --rwxr-xr-x 1 root root 208336 Aug 16 17:23 nvidia-persistenced --rwxr-xr-x 1 root root 602752 Aug 16 17:23 nvidia-powerd --rwxr-xr-x 1 root root 207424 Aug 16 17:23 nvidia-xconfig --rwxr-xr-x 1 root root 306312 Aug 16 17:23 nvidia-settings --rwxr-xr-x 1 root root 3892304 Aug 16 17:24 nvidia-ngx-updater -lrwxrwxrwx 1 root root 16 Aug 16 17:24 nvidia-uninstall -> nvidia-installer --rwxr-xr-x 1 root root 13960920 Aug 16 17:38 nvidia-device-plugin +-rwxr-xr-x 1 root root 355344 Aug 22 16:40 nvidia-installer +-rwxr-xr-x 1 root root 38025 Aug 22 16:40 nvidia-bug-report.sh +-rwxr-xr-x 1 root root 900 Aug 22 16:40 nvidia-sleep.sh +-rwxr-xr-x 1 root root 638416 Aug 22 16:40 nvidia-smi +-rwxr-xr-x 1 root root 137904 Aug 22 16:40 nvidia-debugdump +-rwxr-xr-x 1 root root 18664 Aug 22 16:40 nvidia-cuda-mps-server +-rwxr-xr-x 1 root root 54184 Aug 22 16:40 nvidia-cuda-mps-control +-rwxr-xr-x 1 root root 208336 Aug 22 16:40 nvidia-persistenced +-rwxr-xr-x 1 root root 602752 Aug 22 16:40 nvidia-powerd +-rwxr-xr-x 1 root root 207424 Aug 22 16:40 nvidia-xconfig +-rwxr-xr-x 1 root root 306312 Aug 22 16:40 nvidia-settings +-rwxr-xr-x 1 root root 3892304 Aug 22 16:40 nvidia-ngx-updater +lrwxrwxrwx 1 root root 16 Aug 22 16:40 nvidia-uninstall -> nvidia-installer +-rwxr-xr-x 1 root root 13960920 Aug 22 16:56 nvidia-device-plugin - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 
@@ -147,17 +148,17 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 593 Aug 16 17:08 /usr/local/bin/logrotate.sh --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:16 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:16 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:19 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:19 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:21 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:21 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:21 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:24 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 593 Aug 22 16:25 /usr/local/bin/logrotate.sh +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:33 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:33 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:35 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:35 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:38 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:38 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 
+-rwxr-xr-x 1 root root 39369104 Aug 22 16:38 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:41 /usr/local/bin/bpftrace === Installed Packages Begin Listing... accountsservice/bionic-updates,bionic-security,now 0.6.45-1ubuntu1.3 amd64 [installed,automatic] @@ -811,10 +812,10 @@ ureadahead/bionic-updates,now 0.100.0-21 amd64 [installed,automatic] usbutils/bionic,now 1:007-4build1 amd64 [installed,automatic] util-linux/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed] uuid-runtime/bionic-updates,bionic-security,now 2.31.1-0.4ubuntu3.7 amd64 [installed,automatic] -vim/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] -vim-common/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm3 all [installed,local] -vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +vim/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] +vim-common/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-runtime/now 2:8.0.1453-1ubuntu1.13+esm4 all [installed,local] +vim-tiny/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] walinuxagent/bionic-updates,now 2.2.45-0ubuntu1~18.04.3 amd64 [installed] wget/bionic-updates,bionic-security,now 1.19.4-1ubuntu2.2 amd64 [installed,automatic] whiptail/bionic,now 0.52.20-1ubuntu1 amd64 [installed,automatic] 
@@ -824,7 +825,7 @@ xdelta3/bionic,now 3.0.11-dfsg-1ubuntu1 amd64 [installed,automatic] xdg-user-dirs/bionic,now 0.17-1ubuntu1 amd64 [installed,automatic] xfsprogs/bionic,now 4.9.0+nmu1ubuntu2 amd64 [installed] xkb-data/bionic-updates,now 2.23.1-1ubuntu1.18.04.1 all [installed,automatic] -xxd/now 2:8.0.1453-1ubuntu1.13+esm3 amd64 [installed,local] +xxd/now 2:8.0.1453-1ubuntu1.13+esm4 amd64 [installed,local] xz-utils/bionic-updates,bionic-security,now 5.2.2-1.3ubuntu0.1 amd64 [installed] zip/bionic,now 3.0-11build1 amd64 [installed] zlib1g/bionic-updates,bionic-security,now 1:1.2.11.dfsg-0ubuntu2.2 amd64 [installed,automatic] @@ -833,7 +834,7 @@ Disk usage: Filesystem Size Used Avail Use% Mounted on udev 56G 0 56G 0% /dev tmpfs 12G 664K 12G 1% /run -/dev/sda1 29G 23G 6.1G 80% / +/dev/sda1 29G 24G 5.9G 80% / tmpfs 56G 0 56G 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 56G 0 56G 0% /sys/fs/cgroup @@ -842,10 +843,10 @@ tmpfs 56G 0 56G 0% /sys/fs/cgroup tmpfs 12G 0 12G 0% /run/user/1000 Using kernel: Linux version 5.4.0-1112-azure (buildd@bos03-amd64-017) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #118~18.04.1-Ubuntu SMP Wed Jul 12 15:44:44 UTC 2023 -Install completed successfully on Wed Aug 16 17:43:38 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:02:09 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 18.04 Hyperv generation: V2 Feature flags: fullgpudaemon diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..053458b68ff --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "2004gen2CVMcontainerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0-trivy-report.json new file mode 100644 index 00000000000..0f5dc7283bc --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0-trivy-report.json 
@@ -0,0 +1,5784 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvm4ceeqwclqu", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "20.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvm4ceeqwclqu (ubuntu 20.04)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-5.15-cloud-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-cloud-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-5.15-cloud-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-cloud-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-5.15-cloud-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-cloud-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-5.15-cloud-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-cloud-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", 
+ "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-5.15-cloud-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-cloud-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgID": "linux-azure-5.15-cloud-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-cloud-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1041.48~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. 
This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6212-1", + "https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-5.15-headers-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-headers-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-5.15-headers-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-headers-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-5.15-headers-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-headers-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-5.15-headers-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-headers-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", 
+ "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-5.15-headers-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-headers-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgID": "linux-azure-5.15-headers-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-headers-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1041.48~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. 
This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6212-1", + "https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-5.15-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-5.15-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-5.15-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-5.15-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", 
+ "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-5.15-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgID": "linux-azure-5.15-tools-5.15.0-1039@5.15.0-1039.46~20.04.1", + "PkgName": "linux-azure-5.15-tools-5.15.0-1039", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1041.48~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. 
This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6212-1", + "https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-cloud-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-cloud-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-cloud-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-cloud-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-cloud-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-cloud-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-cloud-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-cloud-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", 
+ "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-cloud-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-cloud-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgID": "linux-cloud-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-cloud-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1041.48~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. 
This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6212-1", + "https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-cloud-tools-common@5.4.0-150.167", + "PkgName": "linux-cloud-tools-common", + "InstalledVersion": "5.4.0-150.167", + "FixedVersion": "5.4.0-155.172", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-32629", + "PkgID": "linux-cloud-tools-common@5.4.0-150.167", + "PkgName": "linux-cloud-tools-common", + "InstalledVersion": "5.4.0-150.167", + "FixedVersion": "5.4.0-155.172", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-32629", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "In Ubuntu skip permission checking for trusted.overlayfs.* xattrs", + "Description": "Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels", + "Severity": "HIGH", + "CweIDs": [ + "CWE-863" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-32629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629", + "https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html", + "https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-32629", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://wiz.io/blog/ubuntu-overlayfs-vulnerability", + "https://www.cve.org/CVERecord?id=CVE-2023-32629", + "https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability" + 
], + "PublishedDate": "2023-07-26T02:15:00Z", + "LastModifiedDate": "2023-08-02T20:00:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-cloud-tools-common@5.4.0-150.167", + "PkgName": "linux-cloud-tools-common", + "InstalledVersion": "5.4.0-150.167", + "FixedVersion": "5.4.0-155.172", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + 
"https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-cloud-tools-common@5.4.0-150.167", + "PkgName": "linux-cloud-tools-common", + "InstalledVersion": "5.4.0-150.167", + "FixedVersion": "5.4.0-155.172", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + 
"http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgID": "linux-cloud-tools-common@5.4.0-150.167", + "PkgName": "linux-cloud-tools-common", + "InstalledVersion": "5.4.0-150.167", + "FixedVersion": "5.4.0-153.170", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + 
"https://ubuntu.com/security/notices/USN-6212-1", + "https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-headers-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-headers-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-headers-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-headers-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-headers-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-headers-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-headers-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-headers-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", 
+ "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-headers-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-headers-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgID": "linux-headers-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-headers-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1041.48~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. 
This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6212-1", + "https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-modules-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-modules-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-modules-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-modules-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", 
+ "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-modules-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgID": "linux-modules-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1041.48~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. 
This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6212-1", + "https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-modules-extra-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-extra-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-modules-extra-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-extra-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-modules-extra-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-extra-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-modules-extra-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-extra-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", 
+ "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-modules-extra-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-extra-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgID": "linux-modules-extra-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-modules-extra-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1041.48~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. 
This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6212-1", + "https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", 
+ "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1042.49~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgID": "linux-tools-5.15.0-1039-azure@5.15.0-1039.46~20.04.1", + "PkgName": "linux-tools-5.15.0-1039-azure", + "InstalledVersion": "5.15.0-1039.46~20.04.1", + "FixedVersion": "5.15.0-1041.48~20.04.1", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. 
This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6212-1", + "https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-tools-common@5.4.0-150.167", + "PkgName": "linux-tools-common", + "InstalledVersion": "5.4.0-150.167", + "FixedVersion": "5.4.0-155.172", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-32629", + "PkgID": "linux-tools-common@5.4.0-150.167", + "PkgName": "linux-tools-common", + "InstalledVersion": "5.4.0-150.167", + "FixedVersion": "5.4.0-155.172", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-32629", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "In Ubuntu skip permission checking for trusted.overlayfs.* xattrs", + "Description": "Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels", + "Severity": "HIGH", + "CweIDs": [ + "CWE-863" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-32629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629", + "https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html", + "https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-32629", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://wiz.io/blog/ubuntu-overlayfs-vulnerability", + "https://www.cve.org/CVERecord?id=CVE-2023-32629", + "https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability" + ], + 
"PublishedDate": "2023-07-26T02:15:00Z", + "LastModifiedDate": "2023-08-02T20:00:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-tools-common@5.4.0-150.167", + "PkgName": "linux-tools-common", + "InstalledVersion": "5.4.0-150.167", + "FixedVersion": "5.4.0-155.172", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + 
"https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-tools-common@5.4.0-150.167", + "PkgName": "linux-tools-common", + "InstalledVersion": "5.4.0-150.167", + "FixedVersion": "5.4.0-155.172", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + 
"http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35788", + "PkgID": "linux-tools-common@5.4.0-150.167", + "PkgName": "linux-tools-common", + "InstalledVersion": "5.4.0-150.167", + "FixedVersion": "5.4.0-153.170", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35788", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" 
+ }, + "Title": "out-of-bounds write in fl_set_geneve_opt()", + "Description": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/06/17/1", + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-35788", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", + "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)", + "https://linux.oracle.com/cve/CVE-2023-35788.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35788", + "https://security.netapp.com/advisory/ntap-20230714-0002/", + "https://ubuntu.com/security/notices/USN-6192-1", + "https://ubuntu.com/security/notices/USN-6193-1", + "https://ubuntu.com/security/notices/USN-6194-1", + "https://ubuntu.com/security/notices/USN-6205-1", + "https://ubuntu.com/security/notices/USN-6206-1", + "https://ubuntu.com/security/notices/USN-6212-1", + 
"https://ubuntu.com/security/notices/USN-6220-1", + "https://ubuntu.com/security/notices/USN-6223-1", + "https://ubuntu.com/security/notices/USN-6234-1", + "https://ubuntu.com/security/notices/USN-6235-1", + "https://ubuntu.com/security/notices/USN-6256-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35788", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", + "https://www.openwall.com/lists/oss-security/2023/06/07/1", + "https://www.openwall.com/lists/oss-security/2023/06/12/1" + ], + "PublishedDate": "2023-06-16T21:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + } + ] + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0.txt new file mode 100644 index 00000000000..2258889db8c --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/202308.22.0.txt 
@@ -0,0 +1,903 @@ +Starting build on Tue Aug 22 16:21:46 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 
19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:21 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:21 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:28 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:28 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:33 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:33 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:33 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:35 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... 
+accountsservice/now 0.6.55-0ubuntu12~20.04.5 amd64 [installed,upgradable to: 0.6.55-0ubuntu12~20.04.6] +acr-mirror/now 0.1.0 amd64 [installed,local] +adduser/focal,now 3.118ubuntu2 all [installed,automatic] +alsa-topology-conf/focal,now 1.2.2-1 all [installed,automatic] +alsa-ucm-conf/focal-updates,now 1.2.2-1ubuntu0.13 all [installed,automatic] +apparmor/focal-updates,now 2.13.3-7ubuntu5.2 amd64 [installed,automatic] +apt-transport-https/focal-updates,now 2.0.9 all [installed] +apt-utils/focal-updates,now 2.0.9 amd64 [installed,automatic] +apt/focal-updates,now 2.0.9 amd64 [installed,automatic] +at/focal,now 3.1.23-1ubuntu1 amd64 [installed] +attr/focal,now 1:2.4.48-5 amd64 [installed,automatic] +base-files/focal-updates,now 11ubuntu5.7 amd64 [installed] +base-passwd/focal,now 3.5.47 amd64 [installed] +bash-completion/focal,now 1:2.10-1ubuntu1 all [installed,automatic] +bash/focal-updates,focal-security,now 5.0-6ubuntu1.2 amd64 [installed] +bc/focal,now 1.07.1-2build1 amd64 [installed,automatic] +bcache-tools/focal-updates,now 1.0.8-3ubuntu0.1 amd64 [installed] +bind9-dnsutils/now 1:9.16.1-0ubuntu2.14 amd64 [installed,upgradable to: 1:9.16.1-0ubuntu2.15] +bind9-host/now 1:9.16.1-0ubuntu2.14 amd64 [installed,upgradable to: 1:9.16.1-0ubuntu2.15] +bind9-libs/now 1:9.16.1-0ubuntu2.14 amd64 [installed,upgradable to: 1:9.16.1-0ubuntu2.15] +binfmt-support/focal,now 2.2.0-2 amd64 [installed,automatic] +binutils-common/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +binutils-x86-64-linux-gnu/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +binutils/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +blobfuse/focal,now 1.4.5 amd64 [installed] +bolt/focal-updates,now 0.9.1-2~ubuntu20.04.2 amd64 [installed,automatic] +bsdmainutils/focal,now 11.1.2ubuntu3 amd64 [installed,automatic] +bsdutils/focal-updates,now 1:2.34-0.1ubuntu9.4 amd64 [installed,automatic] +btrfs-progs/focal,now 5.4.1-2 
amd64 [installed] +build-essential/focal-updates,now 12.8ubuntu1.1 amd64 [installed] +busybox-initramfs/focal-updates,focal-security,now 1:1.30.1-4ubuntu6.4 amd64 [installed,automatic] +busybox-static/focal-updates,focal-security,now 1:1.30.1-4ubuntu6.4 amd64 [installed,automatic] +byobu/focal,now 5.133-0ubuntu1 all [installed] +bzip2/focal,now 1.0.8-2 amd64 [installed,automatic] +ca-certificates/focal-updates,focal-security,now 20230311ubuntu0.20.04.1 all [installed] +ceph-common/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed] +cgroup-lite/focal,now 1.15 all [installed] +chrony/focal-updates,focal-security,now 3.5-6ubuntu6.2 amd64 [installed] +cifs-utils/focal-updates,focal-security,now 2:6.9-1ubuntu0.2 amd64 [installed] +cloud-guest-utils/focal,now 0.31-7-gd99b2d76-0ubuntu1 all [installed] +cloud-init/focal-security,now 23.1.2-0ubuntu0~20.04.2 all [installed,upgradable to: 23.2.2-0ubuntu0~20.04.1] +cloud-initramfs-copymods/focal-updates,now 0.45ubuntu2 all [installed] +cloud-initramfs-dyn-netconf/focal-updates,now 0.45ubuntu2 all [installed] +command-not-found/focal-updates,now 20.04.6 all [installed,automatic] +conntrack/focal,now 1:1.4.5-2 amd64 [installed] +console-setup-linux/focal,now 1.194ubuntu3 all [installed,automatic] +console-setup/focal,now 1.194ubuntu3 all [installed,automatic] +coreutils/focal,now 8.30-3ubuntu2 amd64 [installed,automatic] +cpio/focal-updates,focal-security,now 2.13+dfsg-2ubuntu0.3 amd64 [installed,automatic] +cpp-9/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +cpp/focal,now 4:9.3.0-1ubuntu2 amd64 [installed,automatic] +cracklib-runtime/focal,now 2.9.6-3.2 amd64 [installed] +crda/focal,now 3.18-1build1 amd64 [installed,automatic] +cron/focal,now 3.0pl1-136ubuntu1 amd64 [installed,automatic] +cryptsetup-bin/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 amd64 [installed,automatic] +cryptsetup-initramfs/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 all [installed,automatic] 
+cryptsetup-run/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 all [installed,automatic] +cryptsetup/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 amd64 [installed,automatic] +curl/now 7.68.0-1ubuntu2.18 amd64 [installed,upgradable to: 7.68.0-1ubuntu2.19] +dash/focal,now 0.5.10.2-6 amd64 [installed] +dbus-user-session/focal-updates,focal-security,now 1.12.16-2ubuntu2.3 amd64 [installed,automatic] +dbus/focal-updates,focal-security,now 1.12.16-2ubuntu2.3 amd64 [installed,automatic] +dconf-gsettings-backend/focal,now 0.36.0-1 amd64 [installed,automatic] +dconf-service/focal,now 0.36.0-1 amd64 [installed,automatic] +dctrl-tools/focal,now 2.24-3 amd64 [installed,automatic] +debconf-i18n/focal,now 1.5.73 all [installed,automatic] +debconf/focal,now 1.5.73 all [installed,automatic] +debianutils/focal,now 4.9.1 amd64 [installed,automatic] +diffutils/focal,now 1:3.7-3 amd64 [installed] +dirmngr/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed] +distro-info-data/focal-updates,now 0.43ubuntu1.13 all [installed,automatic] +distro-info/focal,now 0.23ubuntu1 amd64 [installed,upgradable to: 0.23ubuntu1.1] +dkms/focal-updates,now 2.8.1-5ubuntu2 all [installed] +dmeventd/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +dmidecode/focal,now 3.2-3 amd64 [installed,automatic] +dmsetup/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +dnsutils/focal-updates,focal-security,now 1:9.16.1-0ubuntu2.15 all [installed] +dosfstools/focal,now 4.1-2 amd64 [installed,automatic] +dpkg-dev/focal-updates,focal-security,now 1.19.7ubuntu3.2 all [installed,automatic] +dpkg/focal-updates,focal-security,now 1.19.7ubuntu3.2 amd64 [installed,automatic] +e2fsprogs/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +eatmydata/focal,now 105-7 all [installed] +ebtables/focal,now 2.0.11-3build1 amd64 [installed] +ed/focal,now 1.16-1 amd64 [installed,automatic] +efibootmgr/focal,now 17-1 amd64 [installed] +eject/focal,now 
2.1.5+deb1+cvs20081104-14 amd64 [installed,automatic] +ethtool/focal,now 1:5.4-1 amd64 [installed] +fdisk/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +file/focal,now 1:5.38-4 amd64 [installed,automatic] +finalrd/focal-updates,now 6~ubuntu20.04.1 all [installed,automatic] +findutils/focal,now 4.7.0-1ubuntu1 amd64 [installed] +fonts-ubuntu-console/focal,now 0.83-4ubuntu1 all [installed] +friendly-recovery/focal-updates,now 0.2.41ubuntu0.20.04.1 all [installed,automatic] +ftp/focal,now 0.17-34.1 amd64 [installed,automatic] +fuse/focal,now 2.9.9-3 amd64 [installed] +fwupd-signed/now 1.51~20.04.1+1.2-3ubuntu0.2 amd64 [installed,upgradable to: 1.51.1~20.04.1+1.4-0ubuntu0.1] +fwupd/focal-updates,now 1.7.9-1~20.04.3 amd64 [installed] +g++-9/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +g++/focal,now 4:9.3.0-1ubuntu2 amd64 [installed,automatic] +gawk/focal,now 1:5.0.1+dfsg-1 amd64 [installed,automatic] +gcc-10-base/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +gcc-9-base/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +gcc-9/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +gcc/focal,now 4:9.3.0-1ubuntu2 amd64 [installed] +gdisk/focal,now 1.0.5-1 amd64 [installed,automatic] +gettext-base/focal,now 0.19.8.1-10build1 amd64 [installed,automatic] +gir1.2-glib-2.0/focal-updates,now 1.64.1-1~ubuntu20.04.1 amd64 [installed,automatic] +gir1.2-packagekitglib-1.0/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 [installed,automatic] +git-man/focal-updates,focal-security,now 1:2.25.1-1ubuntu3.11 all [installed,automatic] +git/focal-updates,focal-security,now 1:2.25.1-1ubuntu3.11 amd64 [installed] +glib-networking-common/focal-updates,focal-security,now 2.64.2-1ubuntu0.1 all [installed,automatic] +glib-networking-services/focal-updates,focal-security,now 2.64.2-1ubuntu0.1 amd64 [installed,automatic] 
+glib-networking/focal-updates,focal-security,now 2.64.2-1ubuntu0.1 amd64 [installed,automatic] +glusterfs-client/focal,now 7.2-2build1 amd64 [installed] +glusterfs-common/focal,now 7.2-2build1 amd64 [installed,automatic] +gnupg-l10n/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 all [installed,automatic] +gnupg-utils/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gnupg/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 all [installed] +gpg-agent/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpg-wks-client/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpg-wks-server/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpg/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpgconf/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpgsm/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpgv/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +grep/focal,now 3.4-1 amd64 [installed] +groff-base/focal,now 1.22.4-4build1 amd64 [installed,automatic] +grub-common/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed,automatic] +grub-efi-amd64-bin/focal-updates,now 2.06-2ubuntu14.1 amd64 [installed,automatic] +grub-efi-amd64/focal-updates,now 2.06-2ubuntu14.1 amd64 [installed,automatic] +grub-efi/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed] +grub2-common/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed,automatic] +gsettings-desktop-schemas/focal,now 3.36.0-1ubuntu1 all [installed,automatic] +gzip/focal-updates,focal-security,now 1.10-0ubuntu4.1 amd64 [installed] +hdparm/focal,now 9.58+ds-4 amd64 [installed,automatic] +hostname/focal,now 3.23 amd64 [installed] +htop/focal,now 2.2.0-2build1 amd64 [installed] +iftop/focal,now 1.0~pre4-6build1 amd64 [installed] +info/focal,now 6.7.0.dfsg.2-5 amd64 [installed,automatic] 
+init-system-helpers/focal,now 1.57 all [installed] +init/focal,now 1.57 amd64 [installed] +initramfs-tools-bin/focal-updates,now 0.136ubuntu6.7 amd64 [installed,automatic] +initramfs-tools-core/focal-updates,now 0.136ubuntu6.7 all [installed,automatic] +initramfs-tools/focal-updates,now 0.136ubuntu6.7 all [installed] +inotify-tools/focal,now 3.14-8 amd64 [installed] +install-info/focal,now 6.7.0.dfsg.2-5 amd64 [installed,automatic] +iotop/focal-updates,now 0.6-24-g733f3f8-1ubuntu0.1 amd64 [installed] +iproute2/focal,now 5.5.0-1ubuntu1 amd64 [installed] +ipset/focal-updates,now 7.5-1ubuntu0.20.04.1 amd64 [installed] +iptables/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed] +iputils-ping/focal,now 3:20190709-3 amd64 [installed,automatic] +iputils-tracepath/focal,now 3:20190709-3 amd64 [installed,automatic] +irqbalance/focal,now 1.6.0-3ubuntu1 amd64 [installed,automatic] +isc-dhcp-client/focal-updates,now 4.4.1-2.1ubuntu5.20.04.5 amd64 [installed,automatic] +isc-dhcp-common/focal-updates,now 4.4.1-2.1ubuntu5.20.04.5 amd64 [installed,automatic] +iso-codes/focal,now 4.4-1 all [installed,automatic] +iw/focal,now 5.4-1 amd64 [installed,automatic] +jq/focal-updates,now 1.6-1ubuntu0.20.04.1 amd64 [installed] +kbd/focal,now 2.0.4-4ubuntu2 amd64 [installed,automatic] +keyboard-configuration/focal,now 1.194ubuntu3 all [installed,automatic] +keyutils/focal-updates,now 1.6-6ubuntu1.1 amd64 [installed] +klibc-utils/focal-updates,focal-security,now 2.0.7-1ubuntu5.1 amd64 [installed,automatic] +kmod/focal-updates,now 27-1ubuntu2.1 amd64 [installed] +kpartx/focal-updates,focal-security,now 0.8.3-1ubuntu2.1 amd64 [installed,automatic] +krb5-locales/focal-updates,focal-security,now 1.17-6ubuntu4.3 all [installed,automatic] +landscape-common/focal-updates,now 19.12-0ubuntu4.3 amd64 [installed] +language-selector-common/focal-updates,now 0.204.2 all [installed,automatic] +less/focal-updates,now 551-1ubuntu0.1 amd64 [installed,automatic] +libaccountsservice0/now 
0.6.55-0ubuntu12~20.04.5 amd64 [installed,upgradable to: 0.6.55-0ubuntu12~20.04.6] +libacl1/focal,now 2.2.53-6 amd64 [installed,automatic] +libaio1/focal,now 0.3.112-5 amd64 [installed,automatic] +libapparmor1/focal-updates,now 2.13.3-7ubuntu5.2 amd64 [installed,automatic] +libappstream4/focal,now 0.12.10-2 amd64 [installed,automatic] +libapt-pkg6.0/focal-updates,now 2.0.9 amd64 [installed,automatic] +libarchive13/focal-updates,focal-security,now 3.4.0-2ubuntu1.2 amd64 [installed,automatic] +libargon2-1/focal,now 0~20171227-0.2 amd64 [installed,automatic] +libasan5/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +libasn1-8-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libasound2-data/focal-updates,now 1.2.2-2.1ubuntu2.5 all [installed,automatic] +libasound2/focal-updates,now 1.2.2-2.1ubuntu2.5 amd64 [installed,automatic] +libassuan0/focal,now 2.5.3-7ubuntu2 amd64 [installed,automatic] +libatasmart4/focal,now 0.19-5 amd64 [installed,automatic] +libatm1/focal,now 1:2.5.1-4 amd64 [installed,automatic] +libatomic1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libattr1/focal,now 1:2.4.48-5 amd64 [installed,automatic] +libaudit-common/focal,now 1:2.8.5-2ubuntu6 all [installed,automatic] +libaudit1/focal,now 1:2.8.5-2ubuntu6 amd64 [installed,automatic] +libbabeltrace1/focal,now 1.5.8-1build1 amd64 [installed,automatic] +libbinutils/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +libblkid1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libblockdev-crypto2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-fs2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-loop2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-part-err2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-part2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] 
+libblockdev-swap2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-utils2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libboost-context1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libboost-iostreams1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libboost-program-options1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libboost-thread1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libbrotli1/focal-updates,focal-security,now 1.0.7-6ubuntu0.1 amd64 [installed,automatic] +libbsd0/focal,now 0.10.0-1 amd64 [installed,automatic] +libbz2-1.0/focal,now 1.0.8-2 amd64 [installed,automatic] +libc-bin/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libc-dev-bin/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libc6-dev/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libc6/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libcanberra0/focal,now 0.30-7ubuntu1 amd64 [installed,automatic] +libcap-ng0/focal,now 0.7.9-2.1build1 amd64 [installed,automatic] +libcap2-bin/focal-updates,focal-security,now 1:2.32-1ubuntu0.1 amd64 [installed,automatic] +libcap2/focal-updates,focal-security,now 1:2.32-1ubuntu0.1 amd64 [installed,automatic] +libcbor0.6/focal,now 0.6.0-0ubuntu1 amd64 [installed,automatic] +libcc1-0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libcephfs2/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +libcom-err2/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +libcrack2/focal,now 2.9.6-3.2 amd64 [installed,automatic] +libcrypt-dev/focal,now 1:4.4.10-10ubuntu4 amd64 [installed,automatic] +libcrypt1/focal,now 1:4.4.10-10ubuntu4 amd64 [installed,automatic] +libcryptsetup12/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 amd64 [installed,automatic] 
+libctf-nobfd0/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +libctf0/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +libcurl3-gnutls/now 7.68.0-1ubuntu2.18 amd64 [installed,upgradable to: 7.68.0-1ubuntu2.19] +libcurl4/now 7.68.0-1ubuntu2.18 amd64 [installed,upgradable to: 7.68.0-1ubuntu2.19] +libdb5.3/focal,now 5.3.28+dfsg1-0.6ubuntu2 amd64 [installed,automatic] +libdbus-1-3/focal-updates,focal-security,now 1.12.16-2ubuntu2.3 amd64 [installed,automatic] +libdconf1/focal,now 0.36.0-1 amd64 [installed,automatic] +libdebconfclient0/focal,now 0.251ubuntu1 amd64 [installed] +libdevmapper-event1.02.1/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +libdevmapper1.02.1/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +libdns-export1109/focal-updates,now 1:9.11.16+dfsg-3~ubuntu1 amd64 [installed,automatic] +libdpkg-perl/focal-updates,focal-security,now 1.19.7ubuntu3.2 all [installed,automatic] +libdrm-common/focal-updates,focal-security,now 2.4.107-8ubuntu1~20.04.2 all [installed,automatic] +libdrm2/focal-updates,focal-security,now 2.4.107-8ubuntu1~20.04.2 amd64 [installed,automatic] +libdw1/focal,now 0.176-1.1build1 amd64 [installed] +libeatmydata1/focal,now 105-7 amd64 [installed] +libedit2/focal,now 3.1-20191231-1 amd64 [installed,automatic] +libefiboot1/focal-updates,now 37-2ubuntu2.2 amd64 [installed,automatic] +libefivar1/focal-updates,now 37-2ubuntu2.2 amd64 [installed,automatic] +libelf1/focal,now 0.176-1.1build1 amd64 [installed,automatic] +liberror-perl/focal,now 0.17029-1 all [installed,automatic] +libestr0/focal,now 0.1.10-2.1 amd64 [installed,automatic] +libevent-2.1-7/focal,now 2.1.11-stable-1 amd64 [installed,automatic] +libexpat1/focal-updates,focal-security,now 2.2.9-1ubuntu0.6 amd64 [installed,automatic] +libext2fs2/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +libfastjson4/focal,now 0.99.8-2 amd64 [installed,automatic] 
+libfdisk1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libffi7/focal,now 3.3-4 amd64 [installed,automatic] +libfido2-1/focal,now 1.3.1-1ubuntu2 amd64 [installed,automatic] +libfl2/focal,now 2.6.4-6.2 amd64 [installed,automatic] +libfreetype6/focal-updates,focal-security,now 2.10.1-2ubuntu0.3 amd64 [installed,automatic] +libfribidi0/focal-updates,focal-security,now 1.0.8-2ubuntu0.1 amd64 [installed,automatic] +libfuse2/focal,now 2.9.9-3 amd64 [installed,automatic] +libfwupd2/focal-updates,now 1.7.9-1~20.04.3 amd64 [installed,automatic] +libfwupdplugin1/focal-updates,now 1.5.11-0ubuntu1~20.04.2 amd64 [installed] +libfwupdplugin5/focal-updates,now 1.7.9-1~20.04.3 amd64 [installed,automatic] +libgcab-1.0-0/focal,now 1.4-1 amd64 [installed,automatic] +libgcc-9-dev/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +libgcc-s1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libgcrypt20/focal-updates,focal-security,now 1.8.5-5ubuntu1.1 amd64 [installed,automatic] +libgdbm-compat4/focal,now 1.18.1-5 amd64 [installed,automatic] +libgdbm6/focal,now 1.18.1-5 amd64 [installed,automatic] +libgfapi0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgfchangelog0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgfrpc0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgfxdr0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgirepository-1.0-1/focal-updates,now 1.64.1-1~ubuntu20.04.1 amd64 [installed,automatic] +libglib2.0-0/focal-updates,focal-security,now 2.64.6-1~ubuntu20.04.6 amd64 [installed,automatic] +libglib2.0-bin/focal-updates,focal-security,now 2.64.6-1~ubuntu20.04.6 amd64 [installed,automatic] +libglib2.0-data/focal-updates,focal-security,now 2.64.6-1~ubuntu20.04.6 all [installed,automatic] +libglusterfs0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgmp10/focal-updates,focal-security,now 2:6.2.0+dfsg-4ubuntu0.1 amd64 [installed,automatic] 
+libgnutls30/focal-updates,focal-security,now 3.6.13-2ubuntu1.8 amd64 [installed,automatic] +libgomp1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libgoogle-perftools4/focal,now 2.7-1ubuntu2 amd64 [installed,automatic] +libgpg-error0/focal,now 1.37-1 amd64 [installed,automatic] +libgpgme11/focal,now 1.13.1-7ubuntu2 amd64 [installed,upgradable to: 1.13.1-7ubuntu2.1] +libgpm2/focal,now 1.20.7-5 amd64 [installed,automatic] +libgssapi-krb5-2/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libgssapi3-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libgstreamer1.0-0/focal-updates,focal-security,now 1.16.3-0ubuntu1.1 amd64 [installed,automatic] +libgudev-1.0-0/focal,now 1:233-1 amd64 [installed,automatic] +libgusb2/focal,now 0.3.4-0.1 amd64 [installed,automatic] +libhcrypto4-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libheimbase1-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libheimntlm0-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libhogweed5/focal-updates,focal-security,now 3.5.1+really3.5.1-2ubuntu0.2 amd64 [installed,automatic] +libhx509-5-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libibverbs1/focal,now 28.0-1ubuntu1 amd64 [installed,automatic] +libicu66/focal-updates,focal-security,now 66.1-2ubuntu2.1 amd64 [installed,automatic] +libidn2-0/focal,now 2.2.0-2 amd64 [installed,automatic] +libinotifytools0/focal,now 3.14-8 amd64 [installed,automatic] +libip4tc2/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed,automatic] +libip6tc2/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed,automatic] +libipset13/focal-updates,now 7.5-1ubuntu0.20.04.1 amd64 [installed,automatic] +libisc-export1105/focal-updates,now 1:9.11.16+dfsg-3~ubuntu1 amd64 [installed,automatic] 
+libisl22/focal,now 0.22.1-1 amd64 [installed,automatic] +libisns0/focal,now 0.97-3 amd64 [installed,automatic] +libitm1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libjansson4/focal,now 2.12-1build1 amd64 [installed,automatic] +libjcat1/focal-updates,now 0.1.4-0ubuntu0.20.04.1 amd64 [installed,automatic] +libjq1/focal-updates,now 1.6-1ubuntu0.20.04.1 amd64 [installed,automatic] +libjson-c4/focal-updates,focal-security,now 0.13.1+dfsg-7ubuntu0.3 amd64 [installed,automatic] +libjson-glib-1.0-0/focal,now 1.4.4-2ubuntu2 amd64 [installed,automatic] +libjson-glib-1.0-common/focal,now 1.4.4-2ubuntu2 all [installed,automatic] +libk5crypto3/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libkeyutils1/focal-updates,now 1.6-6ubuntu1.1 amd64 [installed,automatic] +libklibc/focal-updates,focal-security,now 2.0.7-1ubuntu5.1 amd64 [installed,automatic] +libkmod2/focal-updates,now 27-1ubuntu2.1 amd64 [installed,automatic] +libkrb5-26-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libkrb5-3/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libkrb5support0/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libksba8/focal-updates,focal-security,now 1.3.5-2ubuntu0.20.04.2 amd64 [installed,automatic] +libldap-2.4-2/focal-updates,focal-security,now 2.4.49+dfsg-2ubuntu1.9 amd64 [installed,automatic] +libldap-common/focal-updates,focal-security,now 2.4.49+dfsg-2ubuntu1.9 all [installed,automatic] +libleveldb1d/focal,now 1.22-3ubuntu2 amd64 [installed,automatic] +liblmdb0/focal,now 0.9.24-1 amd64 [installed,automatic] +liblocale-gettext-perl/focal,now 1.07-4 amd64 [installed,automatic] +liblsan0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libltdl7/focal,now 2.4.6-14 amd64 [installed,automatic] +liblvm2cmd2.03/focal,now 2.03.07-1ubuntu1 amd64 [installed,automatic] 
+liblz4-1/focal-updates,focal-security,now 1.9.2-2ubuntu0.20.04.1 amd64 [installed,automatic] +liblzma5/focal-updates,focal-security,now 5.2.4-1ubuntu1.1 amd64 [installed,automatic] +liblzo2-2/focal,now 2.10-2 amd64 [installed,automatic] +libmagic-mgc/focal,now 1:5.38-4 amd64 [installed,automatic] +libmagic1/focal,now 1:5.38-4 amd64 [installed,automatic] +libmaxminddb0/focal-updates,focal-security,now 1.4.2-0ubuntu1.20.04.1 amd64 [installed,automatic] +libmbim-glib4/focal-updates,now 1.26.2-1~ubuntu20.04.1 amd64 [installed,automatic] +libmbim-proxy/focal-updates,now 1.26.2-1~ubuntu20.04.1 amd64 [installed,automatic] +libmm-glib0/focal-updates,now 1.18.6-1~ubuntu20.04.1 amd64 [installed,automatic] +libmnl0/focal,now 1.0.4-2 amd64 [installed,automatic] +libmount1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libmpc3/focal,now 1.1.0-1 amd64 [installed,automatic] +libmpdec2/focal,now 2.4.2-3 amd64 [installed,automatic] +libmpfr6/focal,now 4.0.2-1 amd64 [installed,automatic] +libncurses6/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed,automatic] +libncursesw6/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed,automatic] +libnetfilter-conntrack3/focal,now 1.0.7-2 amd64 [installed,automatic] +libnetplan0/focal-updates,now 0.104-0ubuntu2~20.04.2 amd64 [installed,automatic] +libnettle7/focal-updates,focal-security,now 3.5.1+really3.5.1-2ubuntu0.2 amd64 [installed,automatic] +libnewt0.52/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] +libnfnetlink0/focal,now 1.0.1-3build1 amd64 [installed,automatic] +libnfsidmap2/focal,now 0.25-5.1ubuntu1 amd64 [installed,automatic] +libnftables1/focal,now 0.9.3-2 amd64 [installed,automatic] +libnftnl11/focal,now 1.1.5-1 amd64 [installed,automatic] +libnghttp2-14/focal-updates,focal-security,now 1.40.0-1ubuntu0.1 amd64 [installed,automatic] +libnl-3-200/focal-updates,now 3.4.0-1ubuntu0.1 amd64 [installed,automatic] +libnl-genl-3-200/focal-updates,now 3.4.0-1ubuntu0.1 amd64 
[installed,automatic] +libnl-route-3-200/focal-updates,now 3.4.0-1ubuntu0.1 amd64 [installed,automatic] +libnpth0/focal,now 1.6-1 amd64 [installed,automatic] +libnspr4/focal,now 2:4.25-1 amd64 [installed,automatic] +libnss-systemd/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libnss3/focal-updates,focal-security,now 2:3.49.1-1ubuntu1.9 amd64 [installed,automatic] +libntfs-3g883/focal-updates,focal-security,now 1:2017.3.23AR.3-3ubuntu1.3 amd64 [installed,automatic] +libnuma1/focal,now 2.0.12-1 amd64 [installed,automatic] +liboath0/focal,now 2.6.1-1.3 amd64 [installed,automatic] +libogg0/focal,now 1.3.4-0ubuntu1 amd64 [installed,automatic] +libonig5/focal,now 6.9.4-1 amd64 [installed,automatic] +libp11-kit0/focal-updates,focal-security,now 0.23.20-1ubuntu0.1 amd64 [installed,automatic] +libpackagekit-glib2-18/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 [installed,automatic] +libpam-cap/focal-updates,focal-security,now 1:2.32-1ubuntu0.1 amd64 [installed,automatic] +libpam-modules-bin/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 amd64 [installed,automatic] +libpam-modules/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 amd64 [installed,automatic] +libpam-pwquality/focal,now 1.4.2-1build1 amd64 [installed] +libpam-runtime/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 all [installed,automatic] +libpam-systemd/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libpam0g/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 amd64 [installed,automatic] +libparted-fs-resize0/focal-updates,now 3.3-4ubuntu0.20.04.1 amd64 [installed,automatic] +libparted2/focal-updates,now 3.3-4ubuntu0.20.04.1 amd64 [installed,automatic] +libpcap0.8/focal,now 1.9.1-3 amd64 [installed,automatic] +libpci3/focal-updates,now 1:3.6.4-1ubuntu0.20.04.1 amd64 [installed,automatic] +libpcre2-8-0/focal-updates,focal-security,now 10.34-7ubuntu0.1 amd64 [installed,automatic] +libpcre3/focal-updates,focal-security,now 2:8.39-12ubuntu0.1 amd64 
[installed,automatic] +libperl5.30/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 amd64 [installed,automatic] +libpipeline1/focal,now 1.5.2-2build1 amd64 [installed,automatic] +libplymouth5/focal-updates,now 0.9.4git20200323-0ubuntu6.2 amd64 [installed,automatic] +libpng16-16/focal,now 1.6.37-2 amd64 [installed,automatic] +libpolkit-agent-1-0/focal-updates,focal-security,now 0.105-26ubuntu1.3 amd64 [installed,automatic] +libpolkit-gobject-1-0/focal-updates,focal-security,now 0.105-26ubuntu1.3 amd64 [installed,automatic] +libpopt0/focal,now 1.16-14 amd64 [installed,automatic] +libprocps8/focal-updates,now 2:3.3.16-1ubuntu2.3 amd64 [installed,automatic] +libproxy1v5/focal-updates,focal-security,now 0.4.15-10ubuntu1.2 amd64 [installed,automatic] +libpsl5/focal,now 0.21.0-1ubuntu1 amd64 [installed,automatic] +libpwquality-common/focal,now 1.4.2-1build1 all [installed,automatic] +libpwquality-tools/focal,now 1.4.2-1build1 amd64 [installed] +libpwquality1/focal,now 1.4.2-1build1 amd64 [installed,automatic] +libpython2-stdlib/focal,now 2.7.17-2ubuntu4 amd64 [installed,automatic] +libpython2.7-minimal/focal-updates,focal-security,now 2.7.18-1~20.04.3 amd64 [installed,automatic] +libpython2.7-stdlib/focal-updates,focal-security,now 2.7.18-1~20.04.3 amd64 [installed,automatic] +libpython3-stdlib/focal,now 3.8.2-0ubuntu2 amd64 [installed,automatic] +libpython3.8-minimal/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +libpython3.8-stdlib/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +libpython3.8/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +libqmi-glib5/focal-updates,now 1.30.4-1~ubuntu20.04.1 amd64 [installed,automatic] +libqmi-proxy/focal-updates,now 1.30.4-1~ubuntu20.04.1 amd64 [installed,automatic] +libquadmath0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +librabbitmq4/focal,now 0.10.0-1 amd64 [installed,automatic] 
+librados2/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +libradosstriper1/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +librbd1/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +librdmacm1/focal,now 28.0-1ubuntu1 amd64 [installed,automatic] +libreadline5/focal,now 5.2+dfsg-3build3 amd64 [installed,automatic] +libreadline8/focal,now 8.0-4 amd64 [installed,automatic] +libroken18-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +librtmp1/focal,now 2.4+20151223.gitfa8646d.1-2build1 amd64 [installed,automatic] +libsasl2-2/focal-updates,focal-security,now 2.1.27+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libsasl2-modules-db/focal-updates,focal-security,now 2.1.27+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libsasl2-modules/focal-updates,focal-security,now 2.1.27+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libseccomp2/focal-updates,focal-security,now 2.5.1-1ubuntu1~20.04.2 amd64 [installed,automatic] +libselinux1/focal,now 3.0-1build2 amd64 [installed,automatic] +libsemanage-common/focal,now 3.0-1build2 all [installed,automatic] +libsemanage1/focal,now 3.0-1build2 amd64 [installed,automatic] +libsensors-config/focal-updates,now 1:3.6.0-2ubuntu1.1 all [installed,automatic] +libsensors5/focal-updates,now 1:3.6.0-2ubuntu1.1 amd64 [installed,automatic] +libsepol1/focal-updates,focal-security,now 3.0-1ubuntu0.1 amd64 [installed,automatic] +libsgutils2-2/focal,now 1.44-1ubuntu2 amd64 [installed,automatic] +libsigsegv2/focal,now 2.12-2 amd64 [installed,automatic] +libslang2/focal,now 2.3.2-4 amd64 [installed,automatic] +libsmartcols1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libsmbios-c2/focal,now 2.4.3-1 amd64 [installed,automatic] +libsnappy1v5/focal,now 1.1.8-1build1 amd64 [installed,automatic] +libsodium23/focal,now 1.0.18-1 amd64 [installed] +libsoup2.4-1/focal,now 2.70.0-1 amd64 [installed,automatic] 
+libsqlite3-0/focal-updates,focal-security,now 3.31.1-4ubuntu0.5 amd64 [installed,automatic] +libss2/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +libssh-4/focal-updates,focal-security,now 0.9.3-2ubuntu2.3 amd64 [installed,automatic] +libssl1.1/focal-updates,focal-security,now 1.1.1f-1ubuntu2.19 amd64 [installed,automatic] +libstdc++-9-dev/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +libstdc++6/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libstemmer0d/focal,now 0+svn585-2 amd64 [installed,automatic] +libsysfs2/focal,now 2.1.0+repack-6 amd64 [installed,automatic] +libsystemd0/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libtalloc2/focal-updates,focal-security,now 2.3.3-0ubuntu0.20.04.1 amd64 [installed] +libtasn1-6/focal,now 4.16.0-2 amd64 [installed,automatic] +libtcmalloc-minimal4/focal,now 2.7-1ubuntu2 amd64 [installed,automatic] +libtdb1/focal-updates,focal-security,now 1.4.5-0ubuntu0.20.04.1 amd64 [installed,automatic] +libtevent0/focal-updates,focal-security,now 0.11.0-0ubuntu0.20.04.1 amd64 [installed] +libtext-charwidth-perl/focal,now 0.04-10 amd64 [installed,automatic] +libtext-iconv-perl/focal,now 1.7-7 amd64 [installed,automatic] +libtext-wrapi18n-perl/focal,now 0.06-9 all [installed,automatic] +libtinfo6/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed,automatic] +libtirpc-common/focal-updates,focal-security,now 1.2.5-1ubuntu0.1 all [installed,automatic] +libtirpc3/focal-updates,focal-security,now 1.2.5-1ubuntu0.1 amd64 [installed,automatic] +libtsan0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libtss2-esys0/focal-updates,now 2.3.2-1ubuntu0.20.04.1 amd64 [installed,automatic] +libubsan1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libuchardet0/focal,now 0.0.6-3build1 amd64 [installed,automatic] +libudev1/focal-updates,now 
245.4-4ubuntu3.22 amd64 [installed,automatic] +libudisks2-0/focal-updates,now 2.8.4-1ubuntu2 amd64 [installed,automatic] +libunistring2/focal,now 0.9.10-2 amd64 [installed,automatic] +libunwind8/focal-updates,now 1.2.1-9ubuntu0.1 amd64 [installed,automatic] +liburcu6/focal,now 0.11.1-2 amd64 [installed,automatic] +libusb-1.0-0/focal,now 2:1.0.23-2build1 amd64 [installed,automatic] +libutempter0/focal,now 1.1.6-4 amd64 [installed,automatic] +libuuid1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libuv1/focal-updates,focal-security,now 1.34.2-1ubuntu1.3 amd64 [installed,automatic] +libvolume-key1/focal,now 0.3.12-3.1 amd64 [installed,automatic] +libvorbis0a/focal,now 1.3.6-2ubuntu1 amd64 [installed,automatic] +libvorbisfile3/focal,now 1.3.6-2ubuntu1 amd64 [installed,automatic] +libwbclient0/now 2:4.15.13+dfsg-0ubuntu0.20.04.2 amd64 [installed,upgradable to: 2:4.15.13+dfsg-0ubuntu0.20.04.4] +libwind0-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libwrap0/focal,now 7.6.q-30 amd64 [installed] +libx11-6/now 2:1.6.9-2ubuntu1.2 amd64 [installed,upgradable to: 2:1.6.9-2ubuntu1.5] +libx11-data/now 2:1.6.9-2ubuntu1.2 all [installed,upgradable to: 2:1.6.9-2ubuntu1.5] +libxau6/focal,now 1:1.0.9-0ubuntu1 amd64 [installed,automatic] +libxcb1/focal,now 1.14-2 amd64 [installed,automatic] +libxdmcp6/focal,now 1:1.1.3-0ubuntu1 amd64 [installed,automatic] +libxext6/focal,now 2:1.3.4-0ubuntu1 amd64 [installed,automatic] +libxml2/focal-updates,focal-security,now 2.9.10+dfsg-5ubuntu0.20.04.6 amd64 [installed,automatic] +libxmlb1/focal-updates,now 0.1.15-2ubuntu1~20.04.1 amd64 [installed] +libxmlb2/focal-updates,now 0.3.6-2build1~20.04.1 amd64 [installed,automatic] +libxmuu1/focal,now 2:1.1.3-0ubuntu1 amd64 [installed,automatic] +libxtables12/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed,automatic] +libyaml-0-2/focal,now 0.2.2-1 amd64 [installed,automatic] +libzstd1/focal-updates,focal-security,now 
1.4.4+dfsg-3ubuntu0.1 amd64 [installed,automatic] +linux-azure-5.15-cloud-tools-5.15.0-1039/focal-updates,focal-security,now 5.15.0-1039.46~20.04.1 amd64 [installed] +linux-azure-5.15-headers-5.15.0-1039/focal-updates,focal-security,now 5.15.0-1039.46~20.04.1 all [installed] +linux-azure-5.15-tools-5.15.0-1039/focal-updates,focal-security,now 5.15.0-1039.46~20.04.1 amd64 [installed] +linux-azure-fde/now 5.15.0.1039.46~20.04.1.18 amd64 [installed,upgradable to: 5.15.0.1042.49~20.04.1.21] +linux-base-sgx/focal-updates,now 4.5ubuntu3.7 all [installed] +linux-base/focal-updates,now 4.5ubuntu3.7 all [installed,automatic] +linux-cloud-tools-5.15.0-1039-azure/focal-updates,focal-security,now 5.15.0-1039.46~20.04.1 amd64 [installed] +linux-cloud-tools-azure-fde/now 5.15.0.1039.46~20.04.1.18 amd64 [installed,upgradable to: 5.15.0.1042.49~20.04.1.21] +linux-cloud-tools-common/focal-updates,focal-security,now 5.4.0-150.167 all [installed,upgradable to: 5.4.0-156.173] +linux-headers-5.15.0-1039-azure/focal-updates,focal-security,now 5.15.0-1039.46~20.04.1 amd64 [installed] +linux-headers-azure-fde/now 5.15.0.1039.46~20.04.1.18 amd64 [installed,upgradable to: 5.15.0.1042.49~20.04.1.21] +linux-image-5.15.0-1039-azure-fde/focal-updates,focal-security,now 5.15.0-1039.46~20.04.1.1 amd64 [installed] +linux-image-5.15.0-1039-azure/focal-updates,focal-security,now 5.15.0-1039.46~20.04.1 amd64 [installed,automatic] +linux-image-azure-fde/now 5.15.0.1039.46~20.04.1.18 amd64 [installed,upgradable to: 5.15.0.1042.49~20.04.1.21] +linux-libc-dev/focal-updates,focal-security,now 5.4.0-156.173 amd64 [installed,automatic] +linux-modules-5.15.0-1039-azure/focal-updates,focal-security,now 5.15.0-1039.46~20.04.1 amd64 [installed] +linux-modules-extra-5.15.0-1039-azure/focal-updates,focal-security,now 5.15.0-1039.46~20.04.1 amd64 [installed] +linux-tools-5.15.0-1039-azure/focal-updates,focal-security,now 5.15.0-1039.46~20.04.1 amd64 [installed] +linux-tools-azure-fde/now 5.15.0.1039.46~20.04.1.18 
amd64 [installed,upgradable to: 5.15.0.1042.49~20.04.1.21] +linux-tools-common/focal-updates,focal-security,now 5.4.0-150.167 all [installed,upgradable to: 5.4.0-156.173] +locales/focal-updates,now 2.31-0ubuntu9.9 all [installed,automatic] +login/focal-updates,focal-security,now 1:4.8.1-1ubuntu5.20.04.4 amd64 [installed,automatic] +logrotate/focal,now 3.14.0-4ubuntu3 amd64 [installed,automatic] +logsave/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +lsb-base/focal,now 11.1.0ubuntu2 all [installed,automatic] +lsb-release/focal,now 11.1.0ubuntu2 all [installed,automatic] +lshw/focal-updates,now 02.18.85-0.3ubuntu2.20.04.1 amd64 [installed,automatic] +lsof/focal-updates,now 4.93.2+dfsg-1ubuntu0.20.04.1 amd64 [installed,automatic] +lsscsi/focal,now 0.30-0.1 amd64 [installed] +ltrace/focal,now 0.7.3-6.1ubuntu1 amd64 [installed,automatic] +lvm2/focal,now 2.03.07-1ubuntu1 amd64 [installed] +lxd-agent-loader/focal,now 0.4 all [installed] +lz4/focal-updates,focal-security,now 1.9.2-2ubuntu0.20.04.1 amd64 [installed,automatic] +make/focal,now 4.2.1-1.2 amd64 [installed] +man-db/focal,now 2.9.1-1 amd64 [installed,automatic] +manpages/focal,now 5.05-1 all [installed,automatic] +mawk/focal,now 1.3.4.20200120-2 amd64 [installed,automatic] +mdadm/focal-updates,now 4.1-5ubuntu1.2 amd64 [installed] +mime-support/focal,now 3.64ubuntu1 all [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu20.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu20.04u1] +moby-runc/testing,focal,now 1.1.7+azure-ubuntu20.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu20.04u1] +modemmanager/focal-updates,now 1.18.6-1~ubuntu20.04.1 amd64 [installed,automatic] +mokutil/focal-updates,now 0.6.0-2~20.04.1 amd64 [installed] +motd-news-config/focal-updates,now 11ubuntu5.7 all [installed] +mount/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed] +mtr-tiny/focal,now 0.93-1 amd64 [installed,automatic] +multipath-tools/focal-updates,focal-security,now 
0.8.3-1ubuntu2.1 amd64 [installed] +nano/focal,now 4.8-1ubuntu1 amd64 [installed,automatic] +ncurses-base/focal-updates,focal-security,now 6.2-0ubuntu2.1 all [installed] +ncurses-bin/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed] +ncurses-term/focal-updates,focal-security,now 6.2-0ubuntu2.1 all [installed] +netbase/focal,now 6.1 all [installed,automatic] +netcat-openbsd/focal,now 1.206-1ubuntu1 amd64 [installed,automatic] +netcat/focal,now 1.206-1ubuntu1 all [installed] +netplan.io/focal-updates,now 0.104-0ubuntu2~20.04.2 amd64 [installed,automatic] +networkd-dispatcher/focal-updates,focal-security,now 2.1-2~ubuntu20.04.3 all [installed,automatic] +nfs-common/focal-updates,now 1:1.3.4-2.5ubuntu3.4 amd64 [installed] +nftables/focal,now 0.9.3-2 amd64 [installed] +ntfs-3g/focal-updates,focal-security,now 1:2017.3.23AR.3-3ubuntu1.3 amd64 [installed,automatic] +nullboot/focal-updates,now 0.4.0-0ubuntu0.20.04.1 amd64 [installed] +open-iscsi/now 2.0.874-7.1ubuntu6.3 amd64 [installed,upgradable to: 2.0.874-7.1ubuntu6.4] +openssh-client/now 1:8.2p1-4ubuntu0.7 amd64 [installed,upgradable to: 1:8.2p1-4ubuntu0.9] +openssh-server/now 1:8.2p1-4ubuntu0.7 amd64 [installed,upgradable to: 1:8.2p1-4ubuntu0.9] +openssh-sftp-server/now 1:8.2p1-4ubuntu0.7 amd64 [installed,upgradable to: 1:8.2p1-4ubuntu0.9] +openssl/focal-updates,focal-security,now 1.1.1f-1ubuntu2.19 amd64 [installed,automatic] +overlayroot/focal-updates,now 0.45ubuntu2 all [installed] +packagekit-tools/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 [installed,automatic] +packagekit/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 [installed,automatic] +packages-microsoft-prod/focal,now 1.0-ubuntu20.04.1 all [installed] +parted/focal-updates,now 3.3-4ubuntu0.20.04.1 amd64 [installed,automatic] +passwd/focal-updates,focal-security,now 1:4.8.1-1ubuntu5.20.04.4 amd64 [installed,automatic] +pastebinit/focal,now 1.5.1-1 all [installed,automatic] +patch/focal,now 2.7.6-6 amd64 [installed] 
+pci.ids/focal,now 0.0~2020.03.20-1 all [installed,automatic] +pciutils/focal-updates,now 1:3.6.4-1ubuntu0.20.04.1 amd64 [installed,automatic] +perl-base/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 amd64 [installed,automatic] +perl-modules-5.30/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 all [installed,automatic] +perl/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 amd64 [installed,automatic] +pigz/focal,now 2.4-1 amd64 [installed] +pinentry-curses/focal,now 1.1.0-3build1 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/focal-updates,now 0.9.4git20200323-0ubuntu6.2 amd64 [installed,automatic] +plymouth/focal-updates,now 0.9.4git20200323-0ubuntu6.2 amd64 [installed,automatic] +policykit-1/focal-updates,focal-security,now 0.105-26ubuntu1.3 amd64 [installed,automatic] +pollinate/focal-updates,now 4.33-3ubuntu1.20.04.1 all [installed] +popularity-contest/focal,now 1.69ubuntu1 all [installed,automatic] +powermgmt-base/focal,now 1.36 all [installed,automatic] +procps/focal-updates,now 2:3.3.16-1ubuntu2.3 amd64 [installed,automatic] +psmisc/focal,now 23.3-1 amd64 [installed,automatic] +publicsuffix/focal,now 20200303.0012-1 all [installed,automatic] +python-apt-common/focal-updates,now 2.0.1ubuntu0.20.04.1 all [installed,automatic] +python-is-python2/focal,now 2.7.17-4 all [installed] +python2-minimal/focal,now 2.7.17-2ubuntu4 amd64 [installed,automatic] +python2.7-minimal/focal-updates,focal-security,now 2.7.18-1~20.04.3 amd64 [installed,automatic] +python2.7/focal-updates,focal-security,now 2.7.18-1~20.04.3 amd64 [installed,automatic] +python2/focal,now 2.7.17-2ubuntu4 amd64 [installed,automatic] +python3-apt/focal-updates,now 2.0.1ubuntu0.20.04.1 amd64 [installed,automatic] +python3-attr/focal,now 19.3.0-2 all [installed,automatic] +python3-automat/focal,now 0.8.0-1ubuntu1 all [installed,automatic] +python3-blinker/focal,now 1.4+dfsg1-0.3ubuntu1 all [installed,automatic] +python3-ceph-argparse/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 
[installed,automatic] +python3-ceph-common/focal-updates,now 15.2.17-0ubuntu0.20.04.4 all [installed,automatic] +python3-cephfs/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +python3-certifi/focal,now 2019.11.28-1 all [installed,automatic] +python3-cffi-backend/focal,now 1.14.0-1build1 amd64 [installed,automatic] +python3-chardet/focal,now 3.0.4-4build1 all [installed,automatic] +python3-click/focal,now 7.0-3 all [installed,automatic] +python3-colorama/focal,now 0.4.3-1build1 all [installed,automatic] +python3-commandnotfound/focal-updates,now 20.04.6 all [installed,automatic] +python3-configobj/focal,now 5.0.6-4 all [installed,automatic] +python3-constantly/focal,now 15.1.0-1build1 all [installed,automatic] +python3-cryptography/focal-updates,focal-security,now 2.8-3ubuntu0.1 amd64 [installed,automatic] +python3-dbus/focal,now 1.2.16-1build1 amd64 [installed,automatic] +python3-debconf/focal,now 1.5.73 all [installed,automatic] +python3-debian/focal,now 0.1.36ubuntu1 all [installed,upgradable to: 0.1.36ubuntu1.1] +python3-distro-info/focal,now 0.23ubuntu1 all [installed,upgradable to: 0.23ubuntu1.1] +python3-distro/focal,now 1.4.0-1 all [installed,automatic] +python3-distupgrade/focal-updates,now 1:20.04.41 all [installed,automatic] +python3-distutils/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04 all [installed] +python3-entrypoints/focal,now 0.3-2ubuntu1 all [installed,automatic] +python3-gdbm/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04 amd64 [installed,automatic] +python3-gi/focal,now 3.36.0-1 amd64 [installed,automatic] +python3-hamcrest/focal,now 1.9.0-3 all [installed,automatic] +python3-httplib2/focal,now 0.14.0-1ubuntu1 all [installed,automatic] +python3-hyperlink/focal,now 19.0.0-1 all [installed,automatic] +python3-idna/focal,now 2.8-1 all [installed,automatic] +python3-importlib-metadata/focal,now 1.5.0-1 all [installed] +python3-incremental/focal,now 16.10.1-3.2 all [installed,automatic] 
+python3-jinja2/focal,now 2.10.1-2 all [installed] +python3-json-pointer/focal,now 2.0-0ubuntu1 all [installed] +python3-jsonpatch/focal,now 1.23-3 all [installed] +python3-jsonschema/focal,now 3.2.0-0ubuntu2 all [installed] +python3-jwt/focal-updates,focal-security,now 1.7.1-2ubuntu2.1 all [installed,automatic] +python3-keyring/focal,now 18.0.1-2ubuntu1 all [installed,automatic] +python3-launchpadlib/focal,now 1.10.13-1 all [installed,automatic] +python3-lazr.restfulclient/focal,now 0.14.2-2build1 all [installed,automatic] +python3-lazr.uri/focal,now 1.0.3-4build1 all [installed,automatic] +python3-lib2to3/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04 all [installed] +python3-markupsafe/focal,now 1.1.0-1build2 amd64 [installed] +python3-minimal/focal,now 3.8.2-0ubuntu2 amd64 [installed,automatic] +python3-more-itertools/focal,now 4.2.0-1build1 all [installed] +python3-nacl/focal,now 1.3.0-5 amd64 [installed] +python3-netifaces/focal,now 0.10.4-1ubuntu4 amd64 [installed,automatic] +python3-newt/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] +python3-oauthlib/focal,now 3.1.0-1ubuntu2 all [installed,automatic] +python3-openssl/focal,now 19.0.0-1build1 all [installed,automatic] +python3-parted/focal,now 3.11.2-11.1build1 amd64 [installed] +python3-pexpect/focal,now 4.6.0-1build1 all [installed,automatic] +python3-pkg-resources/focal-updates,focal-security,now 45.2.0-1ubuntu0.1 all [installed,automatic] +python3-prettytable/focal,now 0.7.2-5 all [installed,automatic] +python3-ptyprocess/focal,now 0.6.0-1ubuntu1 all [installed,automatic] +python3-pyasn1-modules/focal,now 0.2.1-0.2build1 all [installed,automatic] +python3-pyasn1/focal,now 0.4.2-3build1 all [installed,automatic] +python3-pymacaroons/focal,now 0.13.0-3 all [installed] +python3-pyrsistent/focal,now 0.15.5-1build1 amd64 [installed] +python3-rados/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +python3-rbd/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 
[installed,automatic] +python3-requests-unixsocket/focal,now 0.2.0-2 all [installed,automatic] +python3-requests/focal-updates,focal-security,now 2.22.0-2ubuntu1.1 all [installed,automatic] +python3-secretstorage/focal,now 2.3.1-2ubuntu1 all [installed,automatic] +python3-serial/focal,now 3.4-5.1 all [installed] +python3-service-identity/focal,now 18.1.0-5build1 all [installed,automatic] +python3-setuptools/focal-updates,focal-security,now 45.2.0-1ubuntu0.1 all [installed] +python3-simplejson/focal,now 3.16.0-2ubuntu2 amd64 [installed,automatic] +python3-six/focal,now 1.14.0-2 all [installed,automatic] +python3-software-properties/focal-updates,now 0.99.9.11 all [installed,automatic] +python3-twisted-bin/focal-updates,focal-security,now 18.9.0-11ubuntu0.20.04.2 amd64 [installed,automatic] +python3-twisted/focal-updates,focal-security,now 18.9.0-11ubuntu0.20.04.2 all [installed,automatic] +python3-update-manager/focal-updates,now 1:20.04.10.11 all [installed,automatic] +python3-urllib3/focal-updates,focal-security,now 1.25.8-2ubuntu0.2 all [installed,automatic] +python3-wadllib/focal,now 1.3.3-3build1 all [installed,automatic] +python3-yaml/focal-updates,focal-security,now 5.3.1-1ubuntu0.1 amd64 [installed,automatic] +python3-zipp/focal,now 1.0.0-1 all [installed] +python3-zope.interface/focal,now 4.7.1-1 amd64 [installed,automatic] +python3.8-minimal/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +python3.8/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +python3/focal,now 3.8.2-0ubuntu2 amd64 [installed,automatic] +readline-common/focal,now 8.0-4 all [installed,automatic] +rng-tools/focal,now 5-1ubuntu2 amd64 [installed] +rpcbind/focal,now 1.2.5-8 amd64 [installed,automatic] +rsync/focal-updates,focal-security,now 3.1.3-8ubuntu0.5 amd64 [installed,automatic] +rsyslog/focal-updates,focal-security,now 8.2001.0-1ubuntu1.3 amd64 [installed,automatic] +run-one/focal,now 1.17-0ubuntu1 all 
[installed,automatic] +sbsigntool/focal-updates,now 0.9.2-2ubuntu1.1 amd64 [installed,automatic] +screen/focal-updates,focal-security,now 4.8.0-1ubuntu0.1 amd64 [installed] +secureboot-db/focal,now 1.5 amd64 [installed,automatic] +sed/focal,now 4.7-1 amd64 [installed,automatic] +sensible-utils/focal,now 0.0.12+nmu1 all [installed,automatic] +sg3-utils-udev/focal,now 1.44-1ubuntu2 all [installed,automatic] +sg3-utils/focal,now 1.44-1ubuntu2 amd64 [installed,automatic] +shared-mime-info/focal,now 1.15-1 amd64 [installed,automatic] +socat/focal,now 1.7.3.3-2 amd64 [installed] +software-properties-common/focal-updates,now 0.99.9.11 all [installed] +sosreport/now 4.4-1ubuntu0.20.04.1 amd64 [installed,upgradable to: 4.5.6-0ubuntu1~20.04.1] +sound-theme-freedesktop/focal,now 0.8-2ubuntu1 all [installed,automatic] +ssh-import-id/focal,now 5.10-0ubuntu1 all [installed] +strace/focal-updates,now 5.5-3ubuntu1 amd64 [installed,automatic] +sudo/focal-updates,focal-security,now 1.8.31-1ubuntu1.5 amd64 [installed,automatic] +sysfsutils/focal,now 2.1.0+repack-6 amd64 [installed] +sysstat/focal-updates,focal-security,now 12.2.0-2ubuntu0.3 amd64 [installed] +systemd-sysv/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +systemd/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +sysvinit-utils/focal,now 2.96-2.1ubuntu1 amd64 [installed] +tar/focal-updates,focal-security,now 1.30+dfsg-7ubuntu0.20.04.3 amd64 [installed,automatic] +tcpdump/focal-updates,now 4.9.3-4ubuntu0.2 amd64 [installed,automatic] +telnet/focal,now 0.17-41.2build1 amd64 [installed,automatic] +thin-provisioning-tools/focal,now 0.8.5-4build1 amd64 [installed,automatic] +time/focal,now 1.7-25.1build1 amd64 [installed,automatic] +tmux/focal-updates,focal-security,now 3.0a-2ubuntu0.4 amd64 [installed] +tpm-udev/focal,now 0.4 all [installed,automatic] +traceroute/focal,now 1:2.1.0-2 amd64 [installed] +tzdata/focal-updates,now 2023c-0ubuntu0.20.04.2 all [installed,automatic] 
+ubuntu-advantage-tools/now 27.14.4~20.04 amd64 [installed,upgradable to: 28.1~20.04] +ubuntu-keyring/focal-updates,now 2020.02.11.4 all [installed,automatic] +ubuntu-minimal/focal-updates,now 1.450.2 amd64 [installed] +ubuntu-release-upgrader-core/focal-updates,now 1:20.04.41 all [installed,automatic] +ubuntu-standard/focal-updates,now 1.450.2 amd64 [installed] +ucf/focal,now 3.0038+nmu1 all [installed,automatic] +udev/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +udisks2/focal-updates,now 2.8.4-1ubuntu2 amd64 [installed,automatic] +ufw/now 0.36-6ubuntu1 all [installed,upgradable to: 0.36-6ubuntu1.1] +unattended-upgrades/focal-updates,now 2.3ubuntu0.3 all [installed,automatic] +update-manager-core/focal-updates,now 1:20.04.10.11 all [installed,automatic] +update-notifier-common/focal-updates,now 3.192.30.17 all [installed] +usb-modeswitch-data/focal,now 20191128-3 all [installed,automatic] +usb-modeswitch/focal,now 2.5.2+repack0-2ubuntu3 amd64 [installed,automatic] +usb.ids/focal,now 2020.03.19-1 all [installed,automatic] +usbutils/focal,now 1:012-2 amd64 [installed,automatic] +util-linux/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed] +uuid-runtime/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +vim-common/now 2:8.1.2269-1ubuntu5.15 all [installed,upgradable to: 2:8.1.2269-1ubuntu5.17] +vim-runtime/now 2:8.1.2269-1ubuntu5.15 all [installed,upgradable to: 2:8.1.2269-1ubuntu5.17] +vim-tiny/now 2:8.1.2269-1ubuntu5.15 amd64 [installed,upgradable to: 2:8.1.2269-1ubuntu5.17] +vim/now 2:8.1.2269-1ubuntu5.15 amd64 [installed,upgradable to: 2:8.1.2269-1ubuntu5.17] +walinuxagent/focal-updates,now 2.2.46-0ubuntu1.2 amd64 [installed] +wget/focal-updates,now 1.20.3-1ubuntu2 amd64 [installed,automatic] +whiptail/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] +wireless-regdb/focal-updates,focal-security,now 2022.06.06-0ubuntu1~20.04.1 all [installed,automatic] +xauth/focal,now 1:1.1-0ubuntu1 amd64 [installed,automatic] 
+xdg-user-dirs/focal,now 0.17-2ubuntu1 amd64 [installed,automatic] +xfsprogs/focal,now 5.3.0-1ubuntu2 amd64 [installed] +xkb-data/focal,now 2.29-2 all [installed,automatic] +xxd/now 2:8.1.2269-1ubuntu5.15 amd64 [installed,upgradable to: 2:8.1.2269-1ubuntu5.17] +xz-utils/focal-updates,focal-security,now 5.2.4-1ubuntu1.1 amd64 [installed] +zip/focal,now 3.0-11build1 amd64 [installed] +zlib1g/focal-updates,focal-security,now 1:1.2.11.dfsg-2ubuntu1.5 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +devtmpfs 3.4G 0 3.4G 0% /dev +tmpfs 3.4G 0 3.4G 0% /dev/shm +tmpfs 695M 9.0M 686M 2% /run +tmpfs 5.0M 0 5.0M 0% /run/lock +tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup +/dev/sda1 29G 22G 6.1G 79% / +/dev/sda15 1022M 46M 977M 5% /boot/efi +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 695M 0 695M 0% /run/user/1000 +Using kernel: +Linux version 5.15.0-1039-azure (buildd@lcy02-amd64-067) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #46~20.04.1-Ubuntu SMP Mon May 22 19:42:46 UTC 2023 +Install completed successfully on Tue Aug 22 16:56:45 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 20.04 +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: +=== os-release Begin +NAME="Ubuntu" +VERSION="20.04.6 LTS (Focal Fossa)" +ID=ubuntu +ID_LIKE=debian +PRETTY_NAME="Ubuntu 20.04.6 LTS" +VERSION_ID="20.04" +HOME_URL="https://www.ubuntu.com/" +SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +VERSION_CODENAME=focal +UBUNTU_CODENAME=focal +=== os-release End 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-image-list.json index a34f43cda8b..053458b68ff 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "2004gen2CVMcontainerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ 
@@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ 
@@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-trivy-images-table.txt index 46520a27395..4cc91fdb5fb 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-trivy-report.json index d6888fd7eed..0f5dc7283bc 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmleaz7w8fn1", + "ArtifactName": "pkrvm4ceeqwclqu", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmleaz7w8fn1 (ubuntu 20.04)", + "Target": "pkrvm4ceeqwclqu (ubuntu 20.04)", "Class": "os-pkgs", "Type": "ubuntu", "Vulnerabilities": [ 
@@ -82,10 +82,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -190,10 +191,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -235,6 +237,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -249,7 +252,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -372,11 +375,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3090", @@ -436,10 +440,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -544,10 +549,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -589,6 +595,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", 
@@ -603,7 +610,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", @@ -726,11 +733,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3090", @@ -790,10 +798,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -898,10 +907,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", 
@@ -943,6 +953,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -957,7 +968,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", @@ -1080,11 +1091,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3090", @@ -1144,10 +1156,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", 
@@ -1252,10 +1265,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1297,6 +1311,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1311,7 +1326,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", @@ -1434,11 +1449,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3090", 
@@ -1498,10 +1514,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-32629", @@ -1592,6 +1609,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1606,7 +1624,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", @@ -1729,11 +1747,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3090", 
@@ -1793,10 +1812,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1901,10 +1921,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1946,6 +1967,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1960,7 +1982,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -2083,11 +2105,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3090", @@ -2147,10 +2170,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -2255,10 +2279,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -2300,6 +2325,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", 
@@ -2314,7 +2340,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", @@ -2437,11 +2463,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3090", @@ -2501,10 +2528,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -2609,10 +2637,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", 
@@ -2654,6 +2683,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -2668,7 +2698,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", @@ -2791,11 +2821,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3090", @@ -2855,10 +2886,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", 
@@ -2963,10 +2995,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -3008,6 +3041,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -3022,7 +3056,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", @@ -3145,11 +3179,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3090", 
@@ -3209,10 +3244,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-32629", @@ -3303,6 +3339,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -3317,7 +3354,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", @@ -3440,11 +3477,12 @@ "https://ubuntu.com/security/notices/USN-6256-1", "https://www.cve.org/CVERecord?id=CVE-2023-35788", "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480", "https://www.openwall.com/lists/oss-security/2023/06/07/1", "https://www.openwall.com/lists/oss-security/2023/06/12/1" ], "PublishedDate": "2023-06-16T21:15:00Z", - "LastModifiedDate": "2023-07-27T21:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" } ] }, 
@@ -5027,7 +5065,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -5036,7 +5076,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -5186,7 +5226,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -5195,7 +5237,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -5345,7 +5387,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -5354,7 +5398,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -5504,7 +5548,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -5513,7 +5559,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -5666,7 +5712,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -5675,7 +5723,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest.txt index c2228079562..2258889db8c 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004cvmcontainerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:41 UTC 2023 +Starting build on Tue Aug 22 16:21:46 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -130,16 +131,16 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:15 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:15 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:18 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:18 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:20 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:20 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:20 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:22 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 2462 Aug 22 16:21 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:21 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:28 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:28 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:33 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:33 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:33 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:35 
/usr/local/bin/bpftrace === Installed Packages Begin Listing... accountsservice/now 0.6.55-0ubuntu12~20.04.5 amd64 [installed,upgradable to: 0.6.55-0ubuntu12~20.04.6] @@ -810,7 +811,7 @@ sg3-utils/focal,now 1.44-1ubuntu2 amd64 [installed,automatic] shared-mime-info/focal,now 1.15-1 amd64 [installed,automatic] socat/focal,now 1.7.3.3-2 amd64 [installed] software-properties-common/focal-updates,now 0.99.9.11 all [installed] -sosreport/focal-updates,now 4.4-1ubuntu0.20.04.1 amd64 [installed] +sosreport/now 4.4-1ubuntu0.20.04.1 amd64 [installed,upgradable to: 4.5.6-0ubuntu1~20.04.1] sound-theme-freedesktop/focal,now 0.8-2ubuntu1 all [installed,automatic] ssh-import-id/focal,now 5.10-0ubuntu1 all [installed] strace/focal-updates,now 5.5-3ubuntu1 amd64 [installed,automatic] @@ -847,10 +848,10 @@ usb.ids/focal,now 2020.03.19-1 all [installed,automatic] usbutils/focal,now 1:012-2 amd64 [installed,automatic] util-linux/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed] uuid-runtime/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] -vim-common/now 2:8.1.2269-1ubuntu5.15 all [installed,upgradable to: 2:8.1.2269-1ubuntu5.16] -vim-runtime/now 2:8.1.2269-1ubuntu5.15 all [installed,upgradable to: 2:8.1.2269-1ubuntu5.16] -vim-tiny/now 2:8.1.2269-1ubuntu5.15 amd64 [installed,upgradable to: 2:8.1.2269-1ubuntu5.16] -vim/now 2:8.1.2269-1ubuntu5.15 amd64 [installed,upgradable to: 2:8.1.2269-1ubuntu5.16] +vim-common/now 2:8.1.2269-1ubuntu5.15 all [installed,upgradable to: 2:8.1.2269-1ubuntu5.17] +vim-runtime/now 2:8.1.2269-1ubuntu5.15 all [installed,upgradable to: 2:8.1.2269-1ubuntu5.17] +vim-tiny/now 2:8.1.2269-1ubuntu5.15 amd64 [installed,upgradable to: 2:8.1.2269-1ubuntu5.17] +vim/now 2:8.1.2269-1ubuntu5.15 amd64 [installed,upgradable to: 2:8.1.2269-1ubuntu5.17] walinuxagent/focal-updates,now 2.2.46-0ubuntu1.2 amd64 [installed] wget/focal-updates,now 1.20.3-1ubuntu2 amd64 [installed,automatic] whiptail/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] 
@@ -859,7 +860,7 @@ xauth/focal,now 1:1.1-0ubuntu1 amd64 [installed,automatic] xdg-user-dirs/focal,now 0.17-2ubuntu1 amd64 [installed,automatic] xfsprogs/focal,now 5.3.0-1ubuntu2 amd64 [installed] xkb-data/focal,now 2.29-2 all [installed,automatic] -xxd/now 2:8.1.2269-1ubuntu5.15 amd64 [installed,upgradable to: 2:8.1.2269-1ubuntu5.16] +xxd/now 2:8.1.2269-1ubuntu5.15 amd64 [installed,upgradable to: 2:8.1.2269-1ubuntu5.17] xz-utils/focal-updates,focal-security,now 5.2.4-1ubuntu1.1 amd64 [installed] zip/focal,now 3.0-11build1 amd64 [installed] zlib1g/focal-updates,focal-security,now 1:1.2.11.dfsg-2ubuntu1.5 amd64 [installed,automatic] @@ -871,16 +872,16 @@ tmpfs 3.4G 0 3.4G 0% /dev/shm tmpfs 695M 9.0M 686M 2% /run tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup -/dev/sda1 29G 22G 6.3G 78% / +/dev/sda1 29G 22G 6.1G 79% / /dev/sda15 1022M 46M 977M 5% /boot/efi /dev/sdb1 14G 28K 13G 1% /mnt tmpfs 695M 0 695M 0% /run/user/1000 Using kernel: Linux version 5.15.0-1039-azure (buildd@lcy02-amd64-067) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #46~20.04.1-Ubuntu SMP Mon May 22 19:42:46 UTC 2023 -Install completed successfully on Wed Aug 16 17:43:09 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 16:56:45 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 20.04 Hyperv generation: V2 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..32ab00160e6 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "2004gen2fipscontainerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..936ccb126bd
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0-trivy-report.json
@@ -0,0 +1,2322 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmyjc31h0g0e", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "20.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmyjc31h0g0e (ubuntu 20.04)", + "Class": "os-pkgs", + "Type": "ubuntu" + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0.txt new file mode 100644 index 00000000000..aa1b217e4b9 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/202308.22.0.txt 
@@ -0,0 +1,920 @@ +Starting build on Tue Aug 22 16:25:39 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 
19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:40 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:40 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:43 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:43 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:45 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:45 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:45 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:48 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... 
+accountsservice/focal-updates,focal-security,now 0.6.55-0ubuntu12~20.04.6 amd64 [installed,automatic] +acr-mirror/now 0.1.0 amd64 [installed,local] +adduser/focal,now 3.118ubuntu2 all [installed,automatic] +alsa-topology-conf/focal,now 1.2.2-1 all [installed,automatic] +alsa-ucm-conf/focal-updates,now 1.2.2-1ubuntu0.13 all [installed,automatic] +apparmor/focal-updates,now 2.13.3-7ubuntu5.2 amd64 [installed,automatic] +apt-transport-https/focal-updates,now 2.0.9 all [installed] +apt-utils/focal-updates,now 2.0.9 amd64 [installed,automatic] +apt/focal-updates,now 2.0.9 amd64 [installed,automatic] +at/focal,now 3.1.23-1ubuntu1 amd64 [installed] +attr/focal,now 1:2.4.48-5 amd64 [installed,automatic] +base-files/focal-updates,now 11ubuntu5.7 amd64 [installed] +base-passwd/focal,now 3.5.47 amd64 [installed] +bash-completion/focal,now 1:2.10-1ubuntu1 all [installed,automatic] +bash/focal-updates,focal-security,now 5.0-6ubuntu1.2 amd64 [installed] +bc/focal,now 1.07.1-2build1 amd64 [installed,automatic] +bcache-tools/focal-updates,now 1.0.8-3ubuntu0.1 amd64 [installed] +bind9-dnsutils/focal-updates,focal-security,now 1:9.16.1-0ubuntu2.15 amd64 [installed,automatic] +bind9-host/focal-updates,focal-security,now 1:9.16.1-0ubuntu2.15 amd64 [installed,automatic] +bind9-libs/focal-updates,focal-security,now 1:9.16.1-0ubuntu2.15 amd64 [installed,automatic] +binfmt-support/focal,now 2.2.0-2 amd64 [installed,automatic] +binutils-common/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +binutils-x86-64-linux-gnu/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +binutils/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +blobfuse/focal,now 1.4.5 amd64 [installed] +bolt/focal-updates,now 0.9.1-2~ubuntu20.04.2 amd64 [installed,automatic] +bsdmainutils/focal,now 11.1.2ubuntu3 amd64 [installed,automatic] +bsdutils/focal-updates,now 1:2.34-0.1ubuntu9.4 amd64 [installed,automatic] +btrfs-progs/focal,now 
5.4.1-2 amd64 [installed] +build-essential/focal-updates,now 12.8ubuntu1.1 amd64 [installed] +busybox-initramfs/focal-updates,focal-security,now 1:1.30.1-4ubuntu6.4 amd64 [installed,automatic] +busybox-static/focal-updates,focal-security,now 1:1.30.1-4ubuntu6.4 amd64 [installed,automatic] +byobu/focal,now 5.133-0ubuntu1 all [installed] +bzip2/focal,now 1.0.8-2 amd64 [installed,automatic] +ca-certificates/focal-updates,focal-security,now 20230311ubuntu0.20.04.1 all [installed] +ceph-common/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed] +cgroup-lite/focal,now 1.15 all [installed] +chrony/focal-updates,focal-security,now 3.5-6ubuntu6.2 amd64 [installed] +cifs-utils/focal-updates,focal-security,now 2:6.9-1ubuntu0.2 amd64 [installed] +cloud-guest-utils/focal,now 0.31-7-gd99b2d76-0ubuntu1 all [installed] +cloud-init/focal-updates,now 23.2.2-0ubuntu0~20.04.1 all [installed] +cloud-initramfs-copymods/focal-updates,now 0.45ubuntu2 all [installed] +cloud-initramfs-dyn-netconf/focal-updates,now 0.45ubuntu2 all [installed] +command-not-found/focal-updates,now 20.04.6 all [installed,automatic] +conntrack/focal,now 1:1.4.5-2 amd64 [installed] +console-setup-linux/focal,now 1.194ubuntu3 all [installed,automatic] +console-setup/focal,now 1.194ubuntu3 all [installed,automatic] +coreutils/focal,now 8.30-3ubuntu2 amd64 [installed,automatic] +cpio/focal-updates,focal-security,now 2.13+dfsg-2ubuntu0.3 amd64 [installed,automatic] +cpp-9/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +cpp/focal,now 4:9.3.0-1ubuntu2 amd64 [installed,automatic] +cracklib-runtime/focal,now 2.9.6-3.2 amd64 [installed] +crda/focal,now 3.18-1build1 amd64 [installed,automatic] +cron/focal,now 3.0pl1-136ubuntu1 amd64 [installed,automatic] +cryptsetup-bin/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 amd64 [installed,automatic] +cryptsetup-initramfs/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 all [installed,automatic] 
+cryptsetup-run/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 all [installed,automatic] +cryptsetup/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 amd64 [installed,automatic] +curl/focal-updates,focal-security,now 7.68.0-1ubuntu2.19 amd64 [installed] +dash/focal,now 0.5.10.2-6 amd64 [installed] +dbus-user-session/focal-updates,focal-security,now 1.12.16-2ubuntu2.3 amd64 [installed,automatic] +dbus/focal-updates,focal-security,now 1.12.16-2ubuntu2.3 amd64 [installed,automatic] +dconf-gsettings-backend/focal,now 0.36.0-1 amd64 [installed,automatic] +dconf-service/focal,now 0.36.0-1 amd64 [installed,automatic] +dctrl-tools/focal,now 2.24-3 amd64 [installed,automatic] +debconf-i18n/focal,now 1.5.73 all [installed,automatic] +debconf/focal,now 1.5.73 all [installed,automatic] +debianutils/focal,now 4.9.1 amd64 [installed,automatic] +diffutils/focal,now 1:3.7-3 amd64 [installed] +dirmngr/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed] +distro-info-data/focal-updates,now 0.43ubuntu1.13 all [installed,automatic] +distro-info/focal-updates,now 0.23ubuntu1.1 amd64 [installed,automatic] +dkms/focal-updates,now 2.8.1-5ubuntu2 all [installed] +dmeventd/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +dmidecode/focal,now 3.2-3 amd64 [installed,automatic] +dmsetup/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +dnsutils/focal-updates,focal-security,now 1:9.16.1-0ubuntu2.15 all [installed] +dosfstools/focal,now 4.1-2 amd64 [installed,automatic] +dpkg-dev/focal-updates,focal-security,now 1.19.7ubuntu3.2 all [installed,automatic] +dpkg/focal-updates,focal-security,now 1.19.7ubuntu3.2 amd64 [installed,automatic] +e2fsprogs/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +eatmydata/focal,now 105-7 all [installed] +ebtables/focal,now 2.0.11-3build1 amd64 [installed] +ed/focal,now 1.16-1 amd64 [installed,automatic] +efibootmgr/focal,now 17-1 amd64 [installed] +eject/focal,now 2.1.5+deb1+cvs20081104-14 
amd64 [installed,automatic] +ethtool/focal,now 1:5.4-1 amd64 [installed] +fdisk/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +file/focal,now 1:5.38-4 amd64 [installed,automatic] +finalrd/focal-updates,now 6~ubuntu20.04.1 all [installed,automatic] +findutils/focal,now 4.7.0-1ubuntu1 amd64 [installed] +fips-initramfs-generic/now 0.0.15+generic1 amd64 [installed,local] +fonts-ubuntu-console/focal,now 0.83-4ubuntu1 all [installed] +friendly-recovery/focal-updates,now 0.2.41ubuntu0.20.04.1 all [installed,automatic] +ftp/focal,now 0.17-34.1 amd64 [installed,automatic] +fuse/focal,now 2.9.9-3 amd64 [installed] +fwupd-signed/focal-updates,now 1.51.1~20.04.1+1.4-0ubuntu0.1 amd64 [installed,automatic] +fwupd/focal-updates,now 1.7.9-1~20.04.3 amd64 [installed] +g++-9/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +g++/focal,now 4:9.3.0-1ubuntu2 amd64 [installed,automatic] +gawk/focal,now 1:5.0.1+dfsg-1 amd64 [installed,automatic] +gcc-10-base/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +gcc-9-base/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +gcc-9/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +gcc/focal,now 4:9.3.0-1ubuntu2 amd64 [installed] +gdisk/focal,now 1.0.5-1 amd64 [installed,automatic] +gettext-base/focal,now 0.19.8.1-10build1 amd64 [installed,automatic] +gir1.2-glib-2.0/focal-updates,now 1.64.1-1~ubuntu20.04.1 amd64 [installed,automatic] +gir1.2-packagekitglib-1.0/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 [installed,automatic] +git-man/focal-updates,focal-security,now 1:2.25.1-1ubuntu3.11 all [installed,automatic] +git/focal-updates,focal-security,now 1:2.25.1-1ubuntu3.11 amd64 [installed] +glib-networking-common/focal-updates,focal-security,now 2.64.2-1ubuntu0.1 all [installed,automatic] +glib-networking-services/focal-updates,focal-security,now 2.64.2-1ubuntu0.1 amd64 
[installed,automatic] +glib-networking/focal-updates,focal-security,now 2.64.2-1ubuntu0.1 amd64 [installed,automatic] +glusterfs-client/focal,now 7.2-2build1 amd64 [installed] +glusterfs-common/focal,now 7.2-2build1 amd64 [installed,automatic] +gnupg-l10n/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 all [installed,automatic] +gnupg-utils/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gnupg/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 all [installed] +gpg-agent/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpg-wks-client/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpg-wks-server/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpg/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpgconf/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpgsm/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +gpgv/focal-updates,focal-security,now 2.2.19-3ubuntu2.2 amd64 [installed,automatic] +grep/focal,now 3.4-1 amd64 [installed] +groff-base/focal,now 1.22.4-4build1 amd64 [installed,automatic] +grub-common/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed,automatic] +grub-efi-amd64-bin/focal-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/focal-updates,now 1.187.3~20.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/focal,now 0.7 amd64 [installed,automatic] +grub-pc-bin/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed,automatic] +grub-pc/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed,automatic] +grub2-common/focal-updates,now 2.04-1ubuntu26.17 amd64 [installed,automatic] +gsettings-desktop-schemas/focal,now 3.36.0-1ubuntu1 all [installed,automatic] +gzip/focal-updates,focal-security,now 1.10-0ubuntu4.1 amd64 [installed] +hdparm/focal,now 9.58+ds-4 amd64 [installed,automatic] +hostname/focal,now 3.23 
amd64 [installed] +htop/focal,now 2.2.0-2build1 amd64 [installed] +iftop/focal,now 1.0~pre4-6build1 amd64 [installed] +info/focal,now 6.7.0.dfsg.2-5 amd64 [installed,automatic] +init-system-helpers/focal,now 1.57 all [installed] +init/focal,now 1.57 amd64 [installed] +initramfs-tools-bin/focal-updates,now 0.136ubuntu6.7 amd64 [installed,automatic] +initramfs-tools-core/focal-updates,now 0.136ubuntu6.7 all [installed,automatic] +initramfs-tools/focal-updates,now 0.136ubuntu6.7 all [installed] +inotify-tools/focal,now 3.14-8 amd64 [installed] +install-info/focal,now 6.7.0.dfsg.2-5 amd64 [installed,automatic] +iotop/focal-updates,now 0.6-24-g733f3f8-1ubuntu0.1 amd64 [installed] +iproute2/focal,now 5.5.0-1ubuntu1 amd64 [installed] +ipset/focal-updates,now 7.5-1ubuntu0.20.04.1 amd64 [installed] +iptables/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed] +iputils-ping/focal,now 3:20190709-3 amd64 [installed,automatic] +iputils-tracepath/focal,now 3:20190709-3 amd64 [installed,automatic] +irqbalance/focal,now 1.6.0-3ubuntu1 amd64 [installed,automatic] +isc-dhcp-client/focal-updates,now 4.4.1-2.1ubuntu5.20.04.5 amd64 [installed,automatic] +isc-dhcp-common/focal-updates,now 4.4.1-2.1ubuntu5.20.04.5 amd64 [installed,automatic] +iso-codes/focal,now 4.4-1 all [installed,automatic] +iw/focal,now 5.4-1 amd64 [installed,automatic] +jq/focal-updates,now 1.6-1ubuntu0.20.04.1 amd64 [installed] +kbd/focal,now 2.0.4-4ubuntu2 amd64 [installed,automatic] +kcapi-tools/now 1.1.5-1fips1 amd64 [installed,local] +keyboard-configuration/focal,now 1.194ubuntu3 all [installed,automatic] +keyutils/focal-updates,now 1.6-6ubuntu1.1 amd64 [installed] +klibc-utils/focal-updates,focal-security,now 2.0.7-1ubuntu5.1 amd64 [installed,automatic] +kmod/focal-updates,now 27-1ubuntu2.1 amd64 [installed] +kpartx/focal-updates,focal-security,now 0.8.3-1ubuntu2.1 amd64 [installed,automatic] +krb5-locales/focal-updates,focal-security,now 1.17-6ubuntu4.3 all [installed,automatic] 
+landscape-common/focal-updates,now 19.12-0ubuntu4.3 amd64 [installed] +language-selector-common/focal-updates,now 0.204.2 all [installed,automatic] +less/focal-updates,now 551-1ubuntu0.1 amd64 [installed,automatic] +libaccountsservice0/focal-updates,focal-security,now 0.6.55-0ubuntu12~20.04.6 amd64 [installed,automatic] +libacl1/focal,now 2.2.53-6 amd64 [installed,automatic] +libaio1/focal,now 0.3.112-5 amd64 [installed,automatic] +libapparmor1/focal-updates,now 2.13.3-7ubuntu5.2 amd64 [installed,automatic] +libappstream4/focal,now 0.12.10-2 amd64 [installed,automatic] +libapt-pkg6.0/focal-updates,now 2.0.9 amd64 [installed,automatic] +libarchive13/focal-updates,focal-security,now 3.4.0-2ubuntu1.2 amd64 [installed,automatic] +libargon2-1/focal,now 0~20171227-0.2 amd64 [installed,automatic] +libasan5/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +libasn1-8-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libasound2-data/focal-updates,now 1.2.2-2.1ubuntu2.5 all [installed,automatic] +libasound2/focal-updates,now 1.2.2-2.1ubuntu2.5 amd64 [installed,automatic] +libassuan0/focal,now 2.5.3-7ubuntu2 amd64 [installed,automatic] +libatasmart4/focal,now 0.19-5 amd64 [installed,automatic] +libatm1/focal,now 1:2.5.1-4 amd64 [installed,automatic] +libatomic1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libattr1/focal,now 1:2.4.48-5 amd64 [installed,automatic] +libaudit-common/focal,now 1:2.8.5-2ubuntu6 all [installed,automatic] +libaudit1/focal,now 1:2.8.5-2ubuntu6 amd64 [installed,automatic] +libbabeltrace1/focal,now 1.5.8-1build1 amd64 [installed,automatic] +libbinutils/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +libblkid1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libblockdev-crypto2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-fs2/focal,now 2.23-2ubuntu3 amd64 
[installed,automatic] +libblockdev-loop2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-part-err2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-part2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-swap2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev-utils2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libblockdev2/focal,now 2.23-2ubuntu3 amd64 [installed,automatic] +libboost-context1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libboost-iostreams1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libboost-program-options1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libboost-thread1.71.0/focal,now 1.71.0-6ubuntu6 amd64 [installed,automatic] +libbrotli1/focal-updates,focal-security,now 1.0.7-6ubuntu0.1 amd64 [installed,automatic] +libbsd0/focal,now 0.10.0-1 amd64 [installed,automatic] +libbz2-1.0/focal,now 1.0.8-2 amd64 [installed,automatic] +libc-bin/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libc-dev-bin/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libc6-dev/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libc6/focal-updates,now 2.31-0ubuntu9.9 amd64 [installed,automatic] +libcanberra0/focal,now 0.30-7ubuntu1 amd64 [installed,automatic] +libcap-ng0/focal,now 0.7.9-2.1build1 amd64 [installed,automatic] +libcap2-bin/focal-updates,focal-security,now 1:2.32-1ubuntu0.1 amd64 [installed,automatic] +libcap2/focal-updates,focal-security,now 1:2.32-1ubuntu0.1 amd64 [installed,automatic] +libcbor0.6/focal,now 0.6.0-0ubuntu1 amd64 [installed,automatic] +libcc1-0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libcephfs2/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +libcom-err2/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +libcrack2/focal,now 2.9.6-3.2 amd64 [installed,automatic] +libcrypt-dev/focal,now 
1:4.4.10-10ubuntu4 amd64 [installed,automatic] +libcrypt1/focal,now 1:4.4.10-10ubuntu4 amd64 [installed,automatic] +libcryptsetup12/focal-updates,focal-security,now 2:2.2.2-3ubuntu2.4 amd64 [installed,automatic] +libctf-nobfd0/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +libctf0/focal-updates,focal-security,now 2.34-6ubuntu1.6 amd64 [installed,automatic] +libcurl3-gnutls/focal-updates,focal-security,now 7.68.0-1ubuntu2.19 amd64 [installed,automatic] +libcurl4/focal-updates,focal-security,now 7.68.0-1ubuntu2.19 amd64 [installed,automatic] +libdb5.3/focal,now 5.3.28+dfsg1-0.6ubuntu2 amd64 [installed,automatic] +libdbus-1-3/focal-updates,focal-security,now 1.12.16-2ubuntu2.3 amd64 [installed,automatic] +libdconf1/focal,now 0.36.0-1 amd64 [installed,automatic] +libdebconfclient0/focal,now 0.251ubuntu1 amd64 [installed] +libdevmapper-event1.02.1/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +libdevmapper1.02.1/focal,now 2:1.02.167-1ubuntu1 amd64 [installed,automatic] +libdns-export1109/focal-updates,now 1:9.11.16+dfsg-3~ubuntu1 amd64 [installed,automatic] +libdpkg-perl/focal-updates,focal-security,now 1.19.7ubuntu3.2 all [installed,automatic] +libdrm-common/focal-updates,focal-security,now 2.4.107-8ubuntu1~20.04.2 all [installed,automatic] +libdrm2/focal-updates,focal-security,now 2.4.107-8ubuntu1~20.04.2 amd64 [installed,automatic] +libdw1/focal,now 0.176-1.1build1 amd64 [installed] +libeatmydata1/focal,now 105-7 amd64 [installed] +libedit2/focal,now 3.1-20191231-1 amd64 [installed,automatic] +libefiboot1/focal-updates,now 37-2ubuntu2.2 amd64 [installed,automatic] +libefivar1/focal-updates,now 37-2ubuntu2.2 amd64 [installed,automatic] +libelf1/focal,now 0.176-1.1build1 amd64 [installed,automatic] +liberror-perl/focal,now 0.17029-1 all [installed,automatic] +libestr0/focal,now 0.1.10-2.1 amd64 [installed,automatic] +libevent-2.1-7/focal,now 2.1.11-stable-1 amd64 [installed,automatic] 
+libexpat1/focal-updates,focal-security,now 2.2.9-1ubuntu0.6 amd64 [installed,automatic] +libext2fs2/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +libfastjson4/focal,now 0.99.8-2 amd64 [installed,automatic] +libfdisk1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libffi7/focal,now 3.3-4 amd64 [installed,automatic] +libfido2-1/focal,now 1.3.1-1ubuntu2 amd64 [installed,automatic] +libfl2/focal,now 2.6.4-6.2 amd64 [installed,automatic] +libfreetype6/focal-updates,focal-security,now 2.10.1-2ubuntu0.3 amd64 [installed,automatic] +libfribidi0/focal-updates,focal-security,now 1.0.8-2ubuntu0.1 amd64 [installed,automatic] +libfuse2/focal,now 2.9.9-3 amd64 [installed,automatic] +libfwupd2/focal-updates,now 1.7.9-1~20.04.3 amd64 [installed,automatic] +libfwupdplugin1/focal-updates,now 1.5.11-0ubuntu1~20.04.2 amd64 [installed] +libfwupdplugin5/focal-updates,now 1.7.9-1~20.04.3 amd64 [installed,automatic] +libgcab-1.0-0/focal,now 1.4-1 amd64 [installed,automatic] +libgcc-9-dev/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +libgcc-s1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libgcrypt20-hmac/now 1.8.5-5ubuntu1.fips.1.7 amd64 [installed,local] +libgcrypt20/now 1.8.5-5ubuntu1.fips.1.7 amd64 [installed,local] +libgdbm-compat4/focal,now 1.18.1-5 amd64 [installed,automatic] +libgdbm6/focal,now 1.18.1-5 amd64 [installed,automatic] +libgfapi0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgfchangelog0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgfrpc0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgfxdr0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgirepository-1.0-1/focal-updates,now 1.64.1-1~ubuntu20.04.1 amd64 [installed,automatic] +libglib2.0-0/focal-updates,focal-security,now 2.64.6-1~ubuntu20.04.6 amd64 [installed,automatic] +libglib2.0-bin/focal-updates,focal-security,now 2.64.6-1~ubuntu20.04.6 amd64 
[installed,automatic] +libglib2.0-data/focal-updates,focal-security,now 2.64.6-1~ubuntu20.04.6 all [installed,automatic] +libglusterfs0/focal,now 7.2-2build1 amd64 [installed,automatic] +libgmp10/focal-updates,focal-security,now 2:6.2.0+dfsg-4ubuntu0.1 amd64 [installed,automatic] +libgnutls30/focal-updates,focal-security,now 3.6.13-2ubuntu1.8 amd64 [installed,automatic] +libgomp1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libgoogle-perftools4/focal,now 2.7-1ubuntu2 amd64 [installed,automatic] +libgpg-error0/focal,now 1.37-1 amd64 [installed,automatic] +libgpgme11/focal-updates,now 1.13.1-7ubuntu2.1 amd64 [installed,automatic] +libgpm2/focal,now 1.20.7-5 amd64 [installed,automatic] +libgssapi-krb5-2/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libgssapi3-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libgstreamer1.0-0/focal-updates,focal-security,now 1.16.3-0ubuntu1.1 amd64 [installed,automatic] +libgudev-1.0-0/focal,now 1:233-1 amd64 [installed,automatic] +libgusb2/focal,now 0.3.4-0.1 amd64 [installed,automatic] +libhcrypto4-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libheimbase1-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libheimntlm0-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libhogweed5/focal-updates,focal-security,now 3.5.1+really3.5.1-2ubuntu0.2 amd64 [installed,automatic] +libhx509-5-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libibverbs1/focal,now 28.0-1ubuntu1 amd64 [installed,automatic] +libicu66/focal-updates,focal-security,now 66.1-2ubuntu2.1 amd64 [installed,automatic] +libidn2-0/focal,now 2.2.0-2 amd64 [installed,automatic] +libinotifytools0/focal,now 3.14-8 amd64 [installed,automatic] +libip4tc2/focal-updates,now 1.8.4-3ubuntu2.1 amd64 
[installed,automatic] +libip6tc2/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed,automatic] +libipset13/focal-updates,now 7.5-1ubuntu0.20.04.1 amd64 [installed,automatic] +libisc-export1105/focal-updates,now 1:9.11.16+dfsg-3~ubuntu1 amd64 [installed,automatic] +libisl22/focal,now 0.22.1-1 amd64 [installed,automatic] +libisns0/focal,now 0.97-3 amd64 [installed,automatic] +libitm1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libjansson4/focal,now 2.12-1build1 amd64 [installed,automatic] +libjcat1/focal-updates,now 0.1.4-0ubuntu0.20.04.1 amd64 [installed,automatic] +libjq1/focal-updates,now 1.6-1ubuntu0.20.04.1 amd64 [installed,automatic] +libjson-c4/focal-updates,focal-security,now 0.13.1+dfsg-7ubuntu0.3 amd64 [installed,automatic] +libjson-glib-1.0-0/focal,now 1.4.4-2ubuntu2 amd64 [installed,automatic] +libjson-glib-1.0-common/focal,now 1.4.4-2ubuntu2 all [installed,automatic] +libk5crypto3/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libkcapi1/now 1.1.5-1fips1 amd64 [installed,local] +libkeyutils1/focal-updates,now 1.6-6ubuntu1.1 amd64 [installed,automatic] +libklibc/focal-updates,focal-security,now 2.0.7-1ubuntu5.1 amd64 [installed,automatic] +libkmod2/focal-updates,now 27-1ubuntu2.1 amd64 [installed,automatic] +libkrb5-26-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libkrb5-3/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libkrb5support0/focal-updates,focal-security,now 1.17-6ubuntu4.3 amd64 [installed,automatic] +libksba8/focal-updates,focal-security,now 1.3.5-2ubuntu0.20.04.2 amd64 [installed,automatic] +libldap-2.4-2/focal-updates,focal-security,now 2.4.49+dfsg-2ubuntu1.9 amd64 [installed,automatic] +libldap-common/focal-updates,focal-security,now 2.4.49+dfsg-2ubuntu1.9 all [installed,automatic] +libleveldb1d/focal,now 1.22-3ubuntu2 amd64 [installed,automatic] +liblmdb0/focal,now 0.9.24-1 amd64 
[installed,automatic] +liblocale-gettext-perl/focal,now 1.07-4 amd64 [installed,automatic] +liblsan0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libltdl7/focal,now 2.4.6-14 amd64 [installed,automatic] +liblvm2cmd2.03/focal,now 2.03.07-1ubuntu1 amd64 [installed,automatic] +liblz4-1/focal-updates,focal-security,now 1.9.2-2ubuntu0.20.04.1 amd64 [installed,automatic] +liblzma5/focal-updates,focal-security,now 5.2.4-1ubuntu1.1 amd64 [installed,automatic] +liblzo2-2/focal,now 2.10-2 amd64 [installed,automatic] +libmagic-mgc/focal,now 1:5.38-4 amd64 [installed,automatic] +libmagic1/focal,now 1:5.38-4 amd64 [installed,automatic] +libmaxminddb0/focal-updates,focal-security,now 1.4.2-0ubuntu1.20.04.1 amd64 [installed,automatic] +libmbim-glib4/focal-updates,now 1.26.2-1~ubuntu20.04.1 amd64 [installed,automatic] +libmbim-proxy/focal-updates,now 1.26.2-1~ubuntu20.04.1 amd64 [installed,automatic] +libmm-glib0/focal-updates,now 1.18.6-1~ubuntu20.04.1 amd64 [installed,automatic] +libmnl0/focal,now 1.0.4-2 amd64 [installed,automatic] +libmount1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libmpc3/focal,now 1.1.0-1 amd64 [installed,automatic] +libmpdec2/focal,now 2.4.2-3 amd64 [installed,automatic] +libmpfr6/focal,now 4.0.2-1 amd64 [installed,automatic] +libncurses6/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed,automatic] +libncursesw6/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed,automatic] +libnetfilter-conntrack3/focal,now 1.0.7-2 amd64 [installed,automatic] +libnetplan0/focal-updates,now 0.104-0ubuntu2~20.04.2 amd64 [installed,automatic] +libnettle7/focal-updates,focal-security,now 3.5.1+really3.5.1-2ubuntu0.2 amd64 [installed,automatic] +libnewt0.52/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] +libnfnetlink0/focal,now 1.0.1-3build1 amd64 [installed,automatic] +libnfsidmap2/focal,now 0.25-5.1ubuntu1 amd64 [installed,automatic] +libnftables1/focal,now 0.9.3-2 amd64 
[installed,automatic] +libnftnl11/focal,now 1.1.5-1 amd64 [installed,automatic] +libnghttp2-14/focal-updates,focal-security,now 1.40.0-1ubuntu0.1 amd64 [installed,automatic] +libnl-3-200/focal-updates,now 3.4.0-1ubuntu0.1 amd64 [installed,automatic] +libnl-genl-3-200/focal-updates,now 3.4.0-1ubuntu0.1 amd64 [installed,automatic] +libnl-route-3-200/focal-updates,now 3.4.0-1ubuntu0.1 amd64 [installed,automatic] +libnpth0/focal,now 1.6-1 amd64 [installed,automatic] +libnspr4/focal,now 2:4.25-1 amd64 [installed,automatic] +libnss-systemd/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libnss3/focal-updates,focal-security,now 2:3.49.1-1ubuntu1.9 amd64 [installed,automatic] +libntfs-3g883/focal-updates,focal-security,now 1:2017.3.23AR.3-3ubuntu1.3 amd64 [installed,automatic] +libnuma1/focal,now 2.0.12-1 amd64 [installed,automatic] +liboath0/focal,now 2.6.1-1.3 amd64 [installed,automatic] +libogg0/focal,now 1.3.4-0ubuntu1 amd64 [installed,automatic] +libonig5/focal,now 6.9.4-1 amd64 [installed,automatic] +libp11-kit0/focal-updates,focal-security,now 0.23.20-1ubuntu0.1 amd64 [installed,automatic] +libpackagekit-glib2-18/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 [installed,automatic] +libpam-cap/focal-updates,focal-security,now 1:2.32-1ubuntu0.1 amd64 [installed,automatic] +libpam-modules-bin/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 amd64 [installed,automatic] +libpam-modules/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 amd64 [installed,automatic] +libpam-pwquality/focal,now 1.4.2-1build1 amd64 [installed] +libpam-runtime/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 all [installed,automatic] +libpam-systemd/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libpam0g/focal-updates,focal-security,now 1.3.1-5ubuntu4.6 amd64 [installed,automatic] +libparted-fs-resize0/focal-updates,now 3.3-4ubuntu0.20.04.1 amd64 [installed,automatic] +libparted2/focal-updates,now 3.3-4ubuntu0.20.04.1 amd64 [installed,automatic] 
+libpcap0.8/focal,now 1.9.1-3 amd64 [installed,automatic] +libpci3/focal-updates,now 1:3.6.4-1ubuntu0.20.04.1 amd64 [installed,automatic] +libpcre2-8-0/focal-updates,focal-security,now 10.34-7ubuntu0.1 amd64 [installed,automatic] +libpcre3/focal-updates,focal-security,now 2:8.39-12ubuntu0.1 amd64 [installed,automatic] +libperl5.30/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 amd64 [installed,automatic] +libpipeline1/focal,now 1.5.2-2build1 amd64 [installed,automatic] +libplymouth5/focal-updates,now 0.9.4git20200323-0ubuntu6.2 amd64 [installed,automatic] +libpng16-16/focal,now 1.6.37-2 amd64 [installed,automatic] +libpolkit-agent-1-0/focal-updates,focal-security,now 0.105-26ubuntu1.3 amd64 [installed,automatic] +libpolkit-gobject-1-0/focal-updates,focal-security,now 0.105-26ubuntu1.3 amd64 [installed,automatic] +libpopt0/focal,now 1.16-14 amd64 [installed,automatic] +libprocps8/focal-updates,now 2:3.3.16-1ubuntu2.3 amd64 [installed,automatic] +libproxy1v5/focal-updates,focal-security,now 0.4.15-10ubuntu1.2 amd64 [installed,automatic] +libpsl5/focal,now 0.21.0-1ubuntu1 amd64 [installed,automatic] +libpwquality-common/focal,now 1.4.2-1build1 all [installed,automatic] +libpwquality-tools/focal,now 1.4.2-1build1 amd64 [installed] +libpwquality1/focal,now 1.4.2-1build1 amd64 [installed,automatic] +libpython2-stdlib/focal,now 2.7.17-2ubuntu4 amd64 [installed,automatic] +libpython2.7-minimal/now 2.7.18-1~20.04.3+esm1 amd64 [installed,local] +libpython2.7-stdlib/now 2.7.18-1~20.04.3+esm1 amd64 [installed,local] +libpython3-stdlib/focal,now 3.8.2-0ubuntu2 amd64 [installed,automatic] +libpython3.8-minimal/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +libpython3.8-stdlib/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +libpython3.8/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +libqmi-glib5/focal-updates,now 1.30.4-1~ubuntu20.04.1 amd64 
[installed,automatic] +libqmi-proxy/focal-updates,now 1.30.4-1~ubuntu20.04.1 amd64 [installed,automatic] +libquadmath0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +librabbitmq4/focal,now 0.10.0-1 amd64 [installed,automatic] +librados2/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +libradosstriper1/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +librbd1/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +librdmacm1/focal,now 28.0-1ubuntu1 amd64 [installed,automatic] +libreadline5/focal,now 5.2+dfsg-3build3 amd64 [installed,automatic] +libreadline8/focal,now 8.0-4 amd64 [installed,automatic] +libroken18-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +librtmp1/focal,now 2.4+20151223.gitfa8646d.1-2build1 amd64 [installed,automatic] +libsasl2-2/focal-updates,focal-security,now 2.1.27+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libsasl2-modules-db/focal-updates,focal-security,now 2.1.27+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libsasl2-modules/focal-updates,focal-security,now 2.1.27+dfsg-2ubuntu0.1 amd64 [installed,automatic] +libseccomp2/focal-updates,focal-security,now 2.5.1-1ubuntu1~20.04.2 amd64 [installed,automatic] +libselinux1/focal,now 3.0-1build2 amd64 [installed,automatic] +libsemanage-common/focal,now 3.0-1build2 all [installed,automatic] +libsemanage1/focal,now 3.0-1build2 amd64 [installed,automatic] +libsensors-config/focal-updates,now 1:3.6.0-2ubuntu1.1 all [installed,automatic] +libsensors5/focal-updates,now 1:3.6.0-2ubuntu1.1 amd64 [installed,automatic] +libsepol1/focal-updates,focal-security,now 3.0-1ubuntu0.1 amd64 [installed,automatic] +libsgutils2-2/focal,now 1.44-1ubuntu2 amd64 [installed,automatic] +libsigsegv2/focal,now 2.12-2 amd64 [installed,automatic] +libslang2/focal,now 2.3.2-4 amd64 [installed,automatic] +libsmartcols1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] 
+libsmbios-c2/focal,now 2.4.3-1 amd64 [installed,automatic] +libsnappy1v5/focal,now 1.1.8-1build1 amd64 [installed,automatic] +libsodium23/focal,now 1.0.18-1 amd64 [installed] +libsoup2.4-1/focal,now 2.70.0-1 amd64 [installed,automatic] +libsqlite3-0/focal-updates,focal-security,now 3.31.1-4ubuntu0.5 amd64 [installed,automatic] +libss2/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +libssh-4/focal-updates,focal-security,now 0.9.3-2ubuntu2.3 amd64 [installed,automatic] +libssl1.1-hmac/now 1.1.1f-1ubuntu2.fips.19 amd64 [installed,local] +libssl1.1/now 1.1.1f-1ubuntu2.fips.19 amd64 [installed,local] +libstdc++-9-dev/focal-updates,focal-security,now 9.4.0-1ubuntu1~20.04.1 amd64 [installed,automatic] +libstdc++6/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libstemmer0d/focal,now 0+svn585-2 amd64 [installed,automatic] +libsysfs2/focal,now 2.1.0+repack-6 amd64 [installed,automatic] +libsystemd0/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libtalloc2/focal-updates,focal-security,now 2.3.3-0ubuntu0.20.04.1 amd64 [installed] +libtasn1-6/focal,now 4.16.0-2 amd64 [installed,automatic] +libtcmalloc-minimal4/focal,now 2.7-1ubuntu2 amd64 [installed,automatic] +libtdb1/focal-updates,focal-security,now 1.4.5-0ubuntu0.20.04.1 amd64 [installed,automatic] +libtevent0/focal-updates,focal-security,now 0.11.0-0ubuntu0.20.04.1 amd64 [installed] +libtext-charwidth-perl/focal,now 0.04-10 amd64 [installed,automatic] +libtext-iconv-perl/focal,now 1.7-7 amd64 [installed,automatic] +libtext-wrapi18n-perl/focal,now 0.06-9 all [installed,automatic] +libtinfo6/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed,automatic] +libtirpc-common/focal-updates,focal-security,now 1.2.5-1ubuntu0.1 all [installed,automatic] +libtirpc3/focal-updates,focal-security,now 1.2.5-1ubuntu0.1 amd64 [installed,automatic] +libtsan0/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] 
+libtss2-esys0/focal-updates,now 2.3.2-1ubuntu0.20.04.1 amd64 [installed,automatic] +libubsan1/focal-updates,focal-security,now 10.5.0-1ubuntu1~20.04 amd64 [installed,automatic] +libuchardet0/focal,now 0.0.6-3build1 amd64 [installed,automatic] +libudev1/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +libudisks2-0/focal-updates,now 2.8.4-1ubuntu2 amd64 [installed,automatic] +libunistring2/focal,now 0.9.10-2 amd64 [installed,automatic] +libunwind8/focal-updates,now 1.2.1-9ubuntu0.1 amd64 [installed,automatic] +liburcu6/focal,now 0.11.1-2 amd64 [installed,automatic] +libusb-1.0-0/focal,now 2:1.0.23-2build1 amd64 [installed,automatic] +libutempter0/focal,now 1.1.6-4 amd64 [installed,automatic] +libuuid1/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +libuv1/focal-updates,focal-security,now 1.34.2-1ubuntu1.3 amd64 [installed,automatic] +libvolume-key1/focal,now 0.3.12-3.1 amd64 [installed,automatic] +libvorbis0a/focal,now 1.3.6-2ubuntu1 amd64 [installed,automatic] +libvorbisfile3/focal,now 1.3.6-2ubuntu1 amd64 [installed,automatic] +libwbclient0/focal-updates,now 2:4.15.13+dfsg-0ubuntu0.20.04.4 amd64 [installed] +libwind0-heimdal/focal-updates,focal-security,now 7.7.0+dfsg-1ubuntu1.4 amd64 [installed,automatic] +libwrap0/focal,now 7.6.q-30 amd64 [installed] +libx11-6/focal-updates,focal-security,now 2:1.6.9-2ubuntu1.5 amd64 [installed,automatic] +libx11-data/focal-updates,focal-security,now 2:1.6.9-2ubuntu1.5 all [installed,automatic] +libxau6/focal,now 1:1.0.9-0ubuntu1 amd64 [installed,automatic] +libxcb1/focal,now 1.14-2 amd64 [installed,automatic] +libxdmcp6/focal,now 1:1.1.3-0ubuntu1 amd64 [installed,automatic] +libxext6/focal,now 2:1.3.4-0ubuntu1 amd64 [installed,automatic] +libxml2/focal-updates,focal-security,now 2.9.10+dfsg-5ubuntu0.20.04.6 amd64 [installed,automatic] +libxmlb1/focal-updates,now 0.1.15-2ubuntu1~20.04.1 amd64 [installed] +libxmlb2/focal-updates,now 0.3.6-2build1~20.04.1 amd64 [installed,automatic] 
+libxmuu1/focal,now 2:1.1.3-0ubuntu1 amd64 [installed,automatic] +libxtables12/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed,automatic] +libyaml-0-2/focal,now 0.2.2-1 amd64 [installed,automatic] +libzstd1/focal-updates,focal-security,now 1.4.4+dfsg-3ubuntu0.1 amd64 [installed,automatic] +linux-azure-5.15-cloud-tools-5.15.0-1042/focal-updates,focal-security,now 5.15.0-1042.49~20.04.1 amd64 [installed] +linux-azure-5.15-headers-5.15.0-1042/focal-updates,focal-security,now 5.15.0-1042.49~20.04.1 all [installed] +linux-azure-5.15-tools-5.15.0-1042/focal-updates,focal-security,now 5.15.0-1042.49~20.04.1 amd64 [installed] +linux-azure-fips-cloud-tools-5.4.0-1112/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-azure-fips-headers-5.4.0-1112/now 5.4.0-1112.118+fips1 all [installed,local] +linux-azure-fips-tools-5.4.0-1112/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-azure-fips/now 5.4.0.1112.51 amd64 [installed,local] +linux-base-sgx/focal-updates,now 4.5ubuntu3.7 all [installed] +linux-base/focal-updates,now 4.5ubuntu3.7 all [installed,automatic] +linux-cloud-tools-5.15.0-1042-azure/focal-updates,focal-security,now 5.15.0-1042.49~20.04.1 amd64 [installed] +linux-cloud-tools-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-cloud-tools-azure-fips/now 5.4.0.1112.51 amd64 [installed,local] +linux-cloud-tools-azure/focal-updates,focal-security,now 5.15.0.1042.49~20.04.32 amd64 [installed] +linux-cloud-tools-common/focal-updates,focal-security,now 5.4.0-156.173 all [installed] +linux-headers-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-headers-azure-fips/now 5.4.0.1112.51 amd64 [installed,local] +linux-image-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-image-azure-fips/now 5.4.0.1112.51 amd64 [installed,local] +linux-image-hmac-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-libc-dev/focal-updates,focal-security,now 5.4.0-156.173 
amd64 [installed,automatic] +linux-modules-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-modules-extra-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-tools-5.15.0-1042-azure/focal-updates,focal-security,now 5.15.0-1042.49~20.04.1 amd64 [installed] +linux-tools-5.4.0-1112-azure-fips/now 5.4.0-1112.118+fips1 amd64 [installed,local] +linux-tools-azure-fips/now 5.4.0.1112.51 amd64 [installed,local] +linux-tools-azure/focal-updates,focal-security,now 5.15.0.1042.49~20.04.32 amd64 [installed] +linux-tools-common/focal-updates,focal-security,now 5.4.0-156.173 all [installed] +locales/focal-updates,now 2.31-0ubuntu9.9 all [installed,automatic] +login/focal-updates,focal-security,now 1:4.8.1-1ubuntu5.20.04.4 amd64 [installed,automatic] +logrotate/focal,now 3.14.0-4ubuntu3 amd64 [installed,automatic] +logsave/focal-updates,focal-security,now 1.45.5-2ubuntu1.1 amd64 [installed,automatic] +lsb-base/focal,now 11.1.0ubuntu2 all [installed,automatic] +lsb-release/focal,now 11.1.0ubuntu2 all [installed,automatic] +lshw/focal-updates,now 02.18.85-0.3ubuntu2.20.04.1 amd64 [installed,automatic] +lsof/focal-updates,now 4.93.2+dfsg-1ubuntu0.20.04.1 amd64 [installed,automatic] +lsscsi/focal,now 0.30-0.1 amd64 [installed] +ltrace/focal,now 0.7.3-6.1ubuntu1 amd64 [installed,automatic] +lvm2/focal,now 2.03.07-1ubuntu1 amd64 [installed] +lxd-agent-loader/focal,now 0.4 all [installed] +lz4/focal-updates,focal-security,now 1.9.2-2ubuntu0.20.04.1 amd64 [installed,automatic] +make/focal,now 4.2.1-1.2 amd64 [installed] +man-db/focal,now 2.9.1-1 amd64 [installed,automatic] +manpages/focal,now 5.05-1 all [installed,automatic] +mawk/focal,now 1.3.4.20200120-2 amd64 [installed,automatic] +mdadm/focal-updates,now 4.1-5ubuntu1.2 amd64 [installed] +mime-support/focal,now 3.64ubuntu1 all [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu20.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu20.04u1] 
+moby-runc/testing,focal,now 1.1.7+azure-ubuntu20.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu20.04u1] +modemmanager/focal-updates,now 1.18.6-1~ubuntu20.04.1 amd64 [installed,automatic] +mokutil/focal-updates,now 0.6.0-2~20.04.1 amd64 [installed] +motd-news-config/focal-updates,now 11ubuntu5.7 all [installed] +mount/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed] +mtr-tiny/focal,now 0.93-1 amd64 [installed,automatic] +multipath-tools/focal-updates,focal-security,now 0.8.3-1ubuntu2.1 amd64 [installed] +nano/focal,now 4.8-1ubuntu1 amd64 [installed,automatic] +ncurses-base/focal-updates,focal-security,now 6.2-0ubuntu2.1 all [installed] +ncurses-bin/focal-updates,focal-security,now 6.2-0ubuntu2.1 amd64 [installed] +ncurses-term/focal-updates,focal-security,now 6.2-0ubuntu2.1 all [installed] +netbase/focal,now 6.1 all [installed,automatic] +netcat-openbsd/focal,now 1.206-1ubuntu1 amd64 [installed,automatic] +netcat/focal,now 1.206-1ubuntu1 all [installed] +netplan.io/focal-updates,now 0.104-0ubuntu2~20.04.2 amd64 [installed,automatic] +networkd-dispatcher/focal-updates,focal-security,now 2.1-2~ubuntu20.04.3 all [installed,automatic] +nfs-common/focal-updates,now 1:1.3.4-2.5ubuntu3.4 amd64 [installed] +nftables/focal,now 0.9.3-2 amd64 [installed] +ntfs-3g/focal-updates,focal-security,now 1:2017.3.23AR.3-3ubuntu1.3 amd64 [installed,automatic] +nvme-cli/focal-updates,now 1.9-1ubuntu0.1 amd64 [installed] +open-iscsi/focal-updates,focal-security,now 2.0.874-7.1ubuntu6.4 amd64 [installed] +openssh-client/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] +openssh-server/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] +openssh-sftp-server/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] +openssl/now 1.1.1f-1ubuntu2.fips.19 amd64 [installed,local] +os-prober/focal,now 1.74ubuntu2 amd64 [installed,automatic] +overlayroot/focal-updates,now 0.45ubuntu2 all [installed] +packagekit-tools/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 
[installed,automatic] +packagekit/focal-updates,focal-security,now 1.1.13-2ubuntu1.1 amd64 [installed,automatic] +packages-microsoft-prod/focal,now 1.0-ubuntu20.04.1 all [installed] +parted/focal-updates,now 3.3-4ubuntu0.20.04.1 amd64 [installed,automatic] +passwd/focal-updates,focal-security,now 1:4.8.1-1ubuntu5.20.04.4 amd64 [installed,automatic] +pastebinit/focal,now 1.5.1-1 all [installed,automatic] +patch/focal,now 2.7.6-6 amd64 [installed] +pci.ids/focal,now 0.0~2020.03.20-1 all [installed,automatic] +pciutils/focal-updates,now 1:3.6.4-1ubuntu0.20.04.1 amd64 [installed,automatic] +perl-base/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 amd64 [installed,automatic] +perl-modules-5.30/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 all [installed,automatic] +perl/focal-updates,focal-security,now 5.30.0-9ubuntu0.4 amd64 [installed,automatic] +pigz/focal,now 2.4-1 amd64 [installed] +pinentry-curses/focal,now 1.1.0-3build1 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/focal-updates,now 0.9.4git20200323-0ubuntu6.2 amd64 [installed,automatic] +plymouth/focal-updates,now 0.9.4git20200323-0ubuntu6.2 amd64 [installed,automatic] +policykit-1/focal-updates,focal-security,now 0.105-26ubuntu1.3 amd64 [installed,automatic] +pollinate/focal-updates,now 4.33-3ubuntu1.20.04.1 all [installed] +popularity-contest/focal,now 1.69ubuntu1 all [installed,automatic] +powermgmt-base/focal,now 1.36 all [installed,automatic] +procps/focal-updates,now 2:3.3.16-1ubuntu2.3 amd64 [installed,automatic] +psmisc/focal,now 23.3-1 amd64 [installed,automatic] +publicsuffix/focal,now 20200303.0012-1 all [installed,automatic] +python-apt-common/focal-updates,now 2.0.1ubuntu0.20.04.1 all [installed,automatic] +python-is-python2/focal,now 2.7.17-4 all [installed] +python2-minimal/focal,now 2.7.17-2ubuntu4 amd64 [installed,automatic] +python2.7-minimal/now 2.7.18-1~20.04.3+esm1 amd64 [installed,local] +python2.7/now 2.7.18-1~20.04.3+esm1 amd64 [installed,local] +python2/focal,now 
2.7.17-2ubuntu4 amd64 [installed,automatic] +python3-apt/focal-updates,now 2.0.1ubuntu0.20.04.1 amd64 [installed,automatic] +python3-attr/focal,now 19.3.0-2 all [installed,automatic] +python3-automat/focal,now 0.8.0-1ubuntu1 all [installed,automatic] +python3-blinker/focal,now 1.4+dfsg1-0.3ubuntu1 all [installed,automatic] +python3-ceph-argparse/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +python3-ceph-common/focal-updates,now 15.2.17-0ubuntu0.20.04.4 all [installed,automatic] +python3-cephfs/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +python3-certifi/focal,now 2019.11.28-1 all [installed,automatic] +python3-cffi-backend/focal,now 1.14.0-1build1 amd64 [installed,automatic] +python3-chardet/focal,now 3.0.4-4build1 all [installed,automatic] +python3-click/focal,now 7.0-3 all [installed,automatic] +python3-colorama/focal,now 0.4.3-1build1 all [installed,automatic] +python3-commandnotfound/focal-updates,now 20.04.6 all [installed,automatic] +python3-configobj/focal,now 5.0.6-4 all [installed,automatic] +python3-constantly/focal,now 15.1.0-1build1 all [installed,automatic] +python3-cryptography/focal-updates,focal-security,now 2.8-3ubuntu0.1 amd64 [installed,automatic] +python3-dbus/focal,now 1.2.16-1build1 amd64 [installed,automatic] +python3-debconf/focal,now 1.5.73 all [installed,automatic] +python3-debian/focal-updates,now 0.1.36ubuntu1.1 all [installed,automatic] +python3-distro-info/focal-updates,now 0.23ubuntu1.1 all [installed,automatic] +python3-distro/focal,now 1.4.0-1 all [installed,automatic] +python3-distupgrade/focal-updates,now 1:20.04.41 all [installed,automatic] +python3-distutils/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04 all [installed] +python3-entrypoints/focal,now 0.3-2ubuntu1 all [installed,automatic] +python3-gdbm/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04 amd64 [installed,automatic] +python3-gi/focal,now 3.36.0-1 amd64 [installed,automatic] +python3-hamcrest/focal,now 
1.9.0-3 all [installed,automatic] +python3-httplib2/focal,now 0.14.0-1ubuntu1 all [installed,automatic] +python3-hyperlink/focal,now 19.0.0-1 all [installed,automatic] +python3-idna/focal,now 2.8-1 all [installed,automatic] +python3-importlib-metadata/focal,now 1.5.0-1 all [installed] +python3-incremental/focal,now 16.10.1-3.2 all [installed,automatic] +python3-jinja2/focal,now 2.10.1-2 all [installed] +python3-json-pointer/focal,now 2.0-0ubuntu1 all [installed] +python3-jsonpatch/focal,now 1.23-3 all [installed] +python3-jsonschema/focal,now 3.2.0-0ubuntu2 all [installed] +python3-jwt/focal-updates,focal-security,now 1.7.1-2ubuntu2.1 all [installed,automatic] +python3-keyring/focal,now 18.0.1-2ubuntu1 all [installed,automatic] +python3-launchpadlib/focal,now 1.10.13-1 all [installed,automatic] +python3-lazr.restfulclient/focal,now 0.14.2-2build1 all [installed,automatic] +python3-lazr.uri/focal,now 1.0.3-4build1 all [installed,automatic] +python3-lib2to3/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04 all [installed] +python3-markupsafe/focal,now 1.1.0-1build2 amd64 [installed] +python3-minimal/focal,now 3.8.2-0ubuntu2 amd64 [installed,automatic] +python3-more-itertools/focal,now 4.2.0-1build1 all [installed] +python3-nacl/focal,now 1.3.0-5 amd64 [installed] +python3-netifaces/focal,now 0.10.4-1ubuntu4 amd64 [installed,automatic] +python3-newt/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] +python3-oauthlib/focal,now 3.1.0-1ubuntu2 all [installed,automatic] +python3-openssl/focal,now 19.0.0-1build1 all [installed,automatic] +python3-parted/focal,now 3.11.2-11.1build1 amd64 [installed] +python3-pexpect/focal,now 4.6.0-1build1 all [installed,automatic] +python3-pkg-resources/focal-updates,focal-security,now 45.2.0-1ubuntu0.1 all [installed,automatic] +python3-prettytable/focal,now 0.7.2-5 all [installed,automatic] +python3-ptyprocess/focal,now 0.6.0-1ubuntu1 all [installed,automatic] +python3-pyasn1-modules/focal,now 0.2.1-0.2build1 all 
[installed,automatic] +python3-pyasn1/focal,now 0.4.2-3build1 all [installed,automatic] +python3-pymacaroons/focal,now 0.13.0-3 all [installed] +python3-pyrsistent/focal,now 0.15.5-1build1 amd64 [installed] +python3-rados/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +python3-rbd/focal-updates,now 15.2.17-0ubuntu0.20.04.4 amd64 [installed,automatic] +python3-requests-unixsocket/focal,now 0.2.0-2 all [installed,automatic] +python3-requests/focal-updates,focal-security,now 2.22.0-2ubuntu1.1 all [installed,automatic] +python3-secretstorage/focal,now 2.3.1-2ubuntu1 all [installed,automatic] +python3-serial/focal,now 3.4-5.1 all [installed] +python3-service-identity/focal,now 18.1.0-5build1 all [installed,automatic] +python3-setuptools/focal-updates,focal-security,now 45.2.0-1ubuntu0.1 all [installed] +python3-simplejson/focal,now 3.16.0-2ubuntu2 amd64 [installed,automatic] +python3-six/focal,now 1.14.0-2 all [installed,automatic] +python3-software-properties/focal-updates,now 0.99.9.11 all [installed,automatic] +python3-twisted-bin/focal-updates,focal-security,now 18.9.0-11ubuntu0.20.04.2 amd64 [installed,automatic] +python3-twisted/focal-updates,focal-security,now 18.9.0-11ubuntu0.20.04.2 all [installed,automatic] +python3-update-manager/focal-updates,now 1:20.04.10.11 all [installed,automatic] +python3-urllib3/focal-updates,focal-security,now 1.25.8-2ubuntu0.2 all [installed,automatic] +python3-wadllib/focal,now 1.3.3-3build1 all [installed,automatic] +python3-yaml/focal-updates,focal-security,now 5.3.1-1ubuntu0.1 amd64 [installed,automatic] +python3-zipp/focal,now 1.0.0-1 all [installed] +python3-zope.interface/focal,now 4.7.1-1 amd64 [installed,automatic] +python3.8-minimal/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +python3.8/focal-updates,focal-security,now 3.8.10-0ubuntu1~20.04.8 amd64 [installed,automatic] +python3/focal,now 3.8.2-0ubuntu2 amd64 [installed,automatic] +readline-common/focal,now 
8.0-4 all [installed,automatic] +rng-tools/focal,now 5-1ubuntu2 amd64 [installed] +rpcbind/focal,now 1.2.5-8 amd64 [installed,automatic] +rsync/focal-updates,focal-security,now 3.1.3-8ubuntu0.5 amd64 [installed,automatic] +rsyslog/focal-updates,focal-security,now 8.2001.0-1ubuntu1.3 amd64 [installed,automatic] +run-one/focal,now 1.17-0ubuntu1 all [installed,automatic] +sbsigntool/focal-updates,now 0.9.2-2ubuntu1.1 amd64 [installed,automatic] +screen/focal-updates,focal-security,now 4.8.0-1ubuntu0.1 amd64 [installed] +secureboot-db/focal,now 1.5 amd64 [installed,automatic] +sed/focal,now 4.7-1 amd64 [installed,automatic] +sensible-utils/focal,now 0.0.12+nmu1 all [installed,automatic] +sg3-utils-udev/focal,now 1.44-1ubuntu2 all [installed,automatic] +sg3-utils/focal,now 1.44-1ubuntu2 amd64 [installed,automatic] +shared-mime-info/focal,now 1.15-1 amd64 [installed,automatic] +shim-signed/focal-security,now 1.40.7+15.4-0ubuntu9 amd64 [installed,upgradable to: 1.40.9+15.7-0ubuntu1] +socat/focal,now 1.7.3.3-2 amd64 [installed] +software-properties-common/focal-updates,now 0.99.9.11 all [installed] +sosreport/focal-updates,now 4.5.6-0ubuntu1~20.04.1 amd64 [installed] +sound-theme-freedesktop/focal,now 0.8-2ubuntu1 all [installed,automatic] +ssh-import-id/focal,now 5.10-0ubuntu1 all [installed] +strace/focal-updates,now 5.5-3ubuntu1 amd64 [installed,automatic] +sudo/focal-updates,focal-security,now 1.8.31-1ubuntu1.5 amd64 [installed,automatic] +sysfsutils/focal,now 2.1.0+repack-6 amd64 [installed] +sysstat/focal-updates,focal-security,now 12.2.0-2ubuntu0.3 amd64 [installed] +systemd-sysv/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +systemd/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +sysvinit-utils/focal,now 2.96-2.1ubuntu1 amd64 [installed] +tar/focal-updates,focal-security,now 1.30+dfsg-7ubuntu0.20.04.3 amd64 [installed,automatic] +tcpdump/focal-updates,now 4.9.3-4ubuntu0.2 amd64 [installed,automatic] +telnet/focal,now 
0.17-41.2build1 amd64 [installed,automatic] +thin-provisioning-tools/focal,now 0.8.5-4build1 amd64 [installed,automatic] +time/focal,now 1.7-25.1build1 amd64 [installed,automatic] +tmux/focal-updates,focal-security,now 3.0a-2ubuntu0.4 amd64 [installed] +tpm-udev/focal,now 0.4 all [installed,automatic] +traceroute/focal,now 1:2.1.0-2 amd64 [installed] +tzdata/focal-updates,now 2023c-0ubuntu0.20.04.2 all [installed,automatic] +ubuntu-advantage-tools/focal-updates,now 28.1~20.04 amd64 [installed,automatic] +ubuntu-azure-fips/now 1.2.5+updates1 amd64 [installed,local] +ubuntu-keyring/focal-updates,now 2020.02.11.4 all [installed,automatic] +ubuntu-minimal/focal-updates,now 1.450.2 amd64 [installed] +ubuntu-release-upgrader-core/focal-updates,now 1:20.04.41 all [installed,automatic] +ubuntu-standard/focal-updates,now 1.450.2 amd64 [installed] +ucf/focal,now 3.0038+nmu1 all [installed,automatic] +udev/focal-updates,now 245.4-4ubuntu3.22 amd64 [installed,automatic] +udisks2/focal-updates,now 2.8.4-1ubuntu2 amd64 [installed,automatic] +ufw/focal-updates,now 0.36-6ubuntu1.1 all [installed,automatic] +unattended-upgrades/focal-updates,now 2.3ubuntu0.3 all [installed,automatic] +update-manager-core/focal-updates,now 1:20.04.10.11 all [installed,automatic] +update-notifier-common/focal-updates,now 3.192.30.17 all [installed] +usb-modeswitch-data/focal,now 20191128-3 all [installed,automatic] +usb-modeswitch/focal,now 2.5.2+repack0-2ubuntu3 amd64 [installed,automatic] +usb.ids/focal,now 2020.03.19-1 all [installed,automatic] +usbutils/focal,now 1:012-2 amd64 [installed,automatic] +util-linux/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed] +uuid-runtime/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] +vim-common/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 all [installed,automatic] +vim-runtime/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 all [installed,automatic] +vim-tiny/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 
[installed,automatic] +vim/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 [installed] +walinuxagent/focal-updates,now 2.2.46-0ubuntu1.2 amd64 [installed] +wget/focal-updates,now 1.20.3-1ubuntu2 amd64 [installed,automatic] +whiptail/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] +wireless-regdb/focal-updates,focal-security,now 2022.06.06-0ubuntu1~20.04.1 all [installed,automatic] +xauth/focal,now 1:1.1-0ubuntu1 amd64 [installed,automatic] +xdg-user-dirs/focal,now 0.17-2ubuntu1 amd64 [installed,automatic] +xfsprogs/focal,now 5.3.0-1ubuntu2 amd64 [installed] +xkb-data/focal,now 2.29-2 all [installed,automatic] +xxd/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 [installed,automatic] +xz-utils/focal-updates,focal-security,now 5.2.4-1ubuntu1.1 amd64 [installed] +zip/focal,now 3.0-11build1 amd64 [installed] +zlib1g/focal-updates,focal-security,now 1:1.2.11.dfsg-2ubuntu1.5 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +/dev/root 29G 22G 7.0G 76% / +devtmpfs 3.4G 0 3.4G 0% /dev +tmpfs 3.4G 0 3.4G 0% /dev/shm +tmpfs 694M 988K 693M 1% /run +tmpfs 5.0M 0 5.0M 0% /run/lock +tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup +/dev/sda15 105M 6.1M 99M 6% /boot/efi +/dev/sdb1 14G 28K 13G 1% /mnt +tmpfs 694M 0 694M 0% /run/user/1000 +Using kernel: +Linux version 5.4.0-1112-azure-fips (buildd@lcy02-amd64-096) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #118+fips1-Ubuntu SMP Tue Jul 11 20:33:01 UTC 2023 +Install completed successfully on Tue Aug 22 17:14:06 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 20.04 +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: True +=== os-release Begin +NAME="Ubuntu" +VERSION="20.04.6 LTS (Focal Fossa)" +ID=ubuntu +ID_LIKE=debian +PRETTY_NAME="Ubuntu 20.04.6 LTS" +VERSION_ID="20.04" 
+HOME_URL="https://www.ubuntu.com/"
+SUPPORT_URL="https://help.ubuntu.com/"
+BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
+PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
+VERSION_CODENAME=focal
+UBUNTU_CODENAME=focal
+=== os-release End
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-image-list.json
index 7fe0aebb25b..32ab00160e6 100644
--- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-image-list.json
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-image-list.json
@@ -1,6 +1,6 @@
 {
 "sku": "2004gen2fipscontainerd",
- "imageVersion": "202308.16.0",
+ "imageVersion": "202308.22.0",
 "imageBom": [
 {
 "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce",
@@ -56,6 +56,15 @@
 "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba"
 ]
 },
+ {
+ "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361",
+ "repoTags": [
+ "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2"
+ ],
+ "repoDigests": [
+ "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3"
+ ]
+ },
 {
 "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70",
 "repoTags": [
@@ -110,15 +119,6 @@
 "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18"
 ]
 },
- {
- "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30",
- "repoTags": [
- "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2"
- ],
- "repoDigests": [
- "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f"
- ]
- },
 {
 "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033",
 "repoTags": [
@@ -146,6 +146,15 @@
 "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d"
 ]
 },
+ {
+ "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5",
+ "repoTags": [
+ "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5"
+ ],
+ "repoDigests": [
+ "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01"
+ ]
+ },
 {
 "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3",
 "repoTags": [
@@ -443,15 +452,6 @@
 "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8"
 ]
 },
- {
- "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92",
- "repoTags": [
- "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11"
- ],
- "repoDigests": [
- "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6"
- ]
- },
 {
 "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e",
 "repoTags": [
@@ -552,6 +552,15 @@
 "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45"
 ]
 },
+ {
+ "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c",
+ "repoTags": [
+ "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12"
+ ],
+ "repoDigests": [
+ "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6"
+ ]
+ },
 {
 "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c",
 "repoTags": [
@@ -633,6 +642,15 @@
 "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210"
 ]
 },
+ {
+ "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c",
+ "repoTags": [
+ "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6"
+ ],
+ "repoDigests": [
+ "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2"
+ ]
+ },
 {
 "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7",
 "repoTags": [
@@ -723,15 +741,6 @@
 "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf"
 ]
 },
- {
- "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e",
- "repoTags": [
- "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4"
- ],
- "repoDigests": [
- "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e"
- ]
- },
 {
 "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b",
 "repoTags": [
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-trivy-images-table.txt
index 46520a27395..4cc91fdb5fb 100644
--- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-trivy-images-table.txt
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-trivy-images-table.txt
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-trivy-report.json index 828cc6af17e..936ccb126bd 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmgkunativxz", + "ArtifactName": "pkrvmyjc31h0g0e", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmgkunativxz (ubuntu 20.04)", + "Target": "pkrvmyjc31h0g0e (ubuntu 20.04)", "Class": "os-pkgs", "Type": "ubuntu" }, 
@@ -1603,7 +1603,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1612,7 +1614,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1762,7 +1764,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1771,7 +1775,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -1921,7 +1925,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -1930,7 +1936,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -2080,7 +2086,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2089,7 +2097,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -2242,7 +2250,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -2251,7 +2261,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest.txt index a4581960c7d..aa1b217e4b9 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2004fipscontainerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:17 UTC 2023 +Starting build on Tue Aug 22 16:25:39 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -130,16 +131,16 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:21 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:21 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:25 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:25 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:27 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:27 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:27 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:30 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:40 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:40 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:43 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:43 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:45 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:45 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:45 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:48 
/usr/local/bin/bpftrace === Installed Packages Begin Listing... accountsservice/focal-updates,focal-security,now 0.6.55-0ubuntu12~20.04.6 amd64 [installed,automatic] @@ -693,9 +694,9 @@ nftables/focal,now 0.9.3-2 amd64 [installed] ntfs-3g/focal-updates,focal-security,now 1:2017.3.23AR.3-3ubuntu1.3 amd64 [installed,automatic] nvme-cli/focal-updates,now 1.9-1ubuntu0.1 amd64 [installed] open-iscsi/focal-updates,focal-security,now 2.0.874-7.1ubuntu6.4 amd64 [installed] -openssh-client/now 1:8.2p1-4ubuntu0.fips.0.8 amd64 [installed,local] -openssh-server/now 1:8.2p1-4ubuntu0.fips.0.8 amd64 [installed,local] -openssh-sftp-server/now 1:8.2p1-4ubuntu0.fips.0.8 amd64 [installed,local] +openssh-client/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] +openssh-server/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] +openssh-sftp-server/now 1:8.2p1-4ubuntu0.fips.0.9 amd64 [installed,local] openssl/now 1.1.1f-1ubuntu2.fips.19 amd64 [installed,local] os-prober/focal,now 1.74ubuntu2 amd64 [installed,automatic] overlayroot/focal-updates,now 0.45ubuntu2 all [installed] @@ -826,7 +827,7 @@ shared-mime-info/focal,now 1.15-1 amd64 [installed,automatic] shim-signed/focal-security,now 1.40.7+15.4-0ubuntu9 amd64 [installed,upgradable to: 1.40.9+15.7-0ubuntu1] socat/focal,now 1.7.3.3-2 amd64 [installed] software-properties-common/focal-updates,now 0.99.9.11 all [installed] -sosreport/focal-updates,now 4.4-1ubuntu0.20.04.1 amd64 [installed] +sosreport/focal-updates,now 4.5.6-0ubuntu1~20.04.1 amd64 [installed] sound-theme-freedesktop/focal,now 0.8-2ubuntu1 all [installed,automatic] ssh-import-id/focal,now 5.10-0ubuntu1 all [installed] strace/focal-updates,now 5.5-3ubuntu1 amd64 [installed,automatic] 
@@ -864,10 +865,10 @@ usb.ids/focal,now 2020.03.19-1 all [installed,automatic] usbutils/focal,now 1:012-2 amd64 [installed,automatic] util-linux/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed] uuid-runtime/focal-updates,now 2.34-0.1ubuntu9.4 amd64 [installed,automatic] -vim-common/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.16 all [installed,automatic] -vim-runtime/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.16 all [installed,automatic] -vim-tiny/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.16 amd64 [installed,automatic] -vim/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.16 amd64 [installed] +vim-common/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 all [installed,automatic] +vim-runtime/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 all [installed,automatic] +vim-tiny/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 [installed,automatic] +vim/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 [installed] walinuxagent/focal-updates,now 2.2.46-0ubuntu1.2 amd64 [installed] wget/focal-updates,now 1.20.3-1ubuntu2 amd64 [installed,automatic] whiptail/focal,now 0.52.21-4ubuntu2 amd64 [installed,automatic] 
@@ -876,14 +877,14 @@ xauth/focal,now 1:1.1-0ubuntu1 amd64 [installed,automatic] xdg-user-dirs/focal,now 0.17-2ubuntu1 amd64 [installed,automatic] xfsprogs/focal,now 5.3.0-1ubuntu2 amd64 [installed] xkb-data/focal,now 2.29-2 all [installed,automatic] -xxd/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.16 amd64 [installed,automatic] +xxd/focal-updates,focal-security,now 2:8.1.2269-1ubuntu5.17 amd64 [installed,automatic] xz-utils/focal-updates,focal-security,now 5.2.4-1ubuntu1.1 amd64 [installed] zip/focal,now 3.0-11build1 amd64 [installed] zlib1g/focal-updates,focal-security,now 1:1.2.11.dfsg-2ubuntu1.5 amd64 [installed,automatic] === Installed Packages End Disk usage: Filesystem Size Used Avail Use% Mounted on -/dev/root 29G 22G 7.2G 76% / +/dev/root 29G 22G 7.0G 76% / devtmpfs 3.4G 0 3.4G 0% /dev tmpfs 3.4G 0 3.4G 0% /dev/shm tmpfs 694M 988K 693M 1% /run @@ -894,10 +895,10 @@ tmpfs 3.4G 0 3.4G 0% /sys/fs/cgroup tmpfs 694M 0 694M 0% /run/user/1000 Using kernel: Linux version 5.4.0-1112-azure-fips (buildd@lcy02-amd64-096) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #118+fips1-Ubuntu SMP Tue Jul 11 20:33:01 UTC 2023 -Install completed successfully on Wed Aug 16 17:52:33 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:14:06 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 20.04 Hyperv generation: V2 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..e927a8b47f8 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0-image-list.json 
@@ -0,0 +1,817 @@ +{ + "sku": "2204gen2arm64containerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:029e28acfa0a78d29a9be5f20a060c87a74ec8523f525522acb9411121866b3b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:03a5f6a47761726e63272e94e4bea70de259b1b644d1a5d94e304b43f3de51e9", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": "sha256:03bba7644841f9a0ae3bae2edd0fa9c2c0529d041441953402f7248f3e604c0f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:078bb9ab27afca3a73e92b3a26860509537b8f2e9bde20501d4df175a0e1899b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:08c2dc4229fec87c1a8dff6a6541f04a264973965c79578b3e7981648703a782", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:0911b94b2768461197b39aa3b4713ea64b08f7e5c993a7b5c074f48ccd6137dd", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:094f81991e672caaea3cb6482ed3e75a30e5f2a7558f604f3bd8a4f4932e8841", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ 
+ "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:0f08ff5e0377c83be346575fa2b081bb5df195d60bc987d57839608e9c00f0a5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:1559865e411d1aa1cc4b7d9b359673e711b687ef406a67713fde5e0c3cd3b100", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:16638544d9005400b8c828497a6f9dd59eb22c52044f2e5bd854446ce890fe38", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + }, + { + "id": "sha256:16c59097595401776e42bd90ffd7fbdc5a501cd3c1c247f8ba764b3efb1b6943", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:1ef5a89185e7017cfd67515023f01537648765f05f21d7650508b11587b9dcbd", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:2104e2ede8b09c3c4a4b328c9b0d0c41d0e6d6afef6953140e3828b86d1435ef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + { + "id": "sha256:22b54cc53654130d9ef80621b73b74508c276b74c8e711299db7b9be539eccde", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + 
}, + { + "id": "sha256:29b2a51801246fbe9a9dcd1e302f87b5b1f1ca197aef5f6ce55b77653c809dee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:29b9c11b05756a721f2af086d486635b5ec219781b4964a34d298353e56baa55", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:2c41585648de3181ed246160b371cb95e764e368d9a5f8f07d3fa8dfd01dd4be", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:2e1a6ae7f8a11a9bc68883417edd268c638b0c19860d206d18188cbaec9fc050", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:309770371975972493c162d537b17f63590e8cea46f190ca609693a57abc36eb", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:336bfa8edab879a63cabf9d65a9792261673b77a8b3ee614675a8ca44434dbd5", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:33ced36e954d9a616762ea3d6fd28b66085f9ee73366e1b685d5ec5d192b5a7f", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + 
"id": "sha256:354a3638d0e4f1e99f79d4a1522997c07823590847b4e1128fcaf2f7d44e9e15", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:37ceb553c3205291128639c9ad553d15608f23b5cdac92fa78dfadc99a98669f", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:3af6a65aa9e9b7874a111f347031582e09aaaf7e70d24d25b1b3682efaf3ee9b", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:3e03a43b6d22daf85fe6aa23c43e82a77e34506c085bd826a916c2fb8944c9f0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:41a5419580ae3ca07d7d6797c5c4c7f30a35ffdf71502b2b8c4f48234cfa6604", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:43834bcd11a3324afe0e06889499187279220d15e00713630bdf6d9ffe835bcc", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:49a6384e08d4a112838b6154fca9edb49b4cf5ad36cb91ff72b1744ca2df36da", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": 
"sha256:4bee58df2217fc0a3da97c8df69bc1b8cec662683c6e8536e0ea0e3f60a76486", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:4d546929714bf77c7a26b563c6992d952bd00668f37459363ad44ea58a53c6ec", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": "sha256:53be7459c0d4de20fba2078fca976350ad68dff0cf6120ea8877173047e51ff5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:54c61f388d69dae8783a662ef0f1b206d9e8ba36a0a74b566b6b01e576dd3e9d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:57300ee001d0f178bc3dc4a704ef0e91b4ab6ae123193e81f0f35476f52ac5f6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:61626aa10c8033901b52ab0100e9b877227a1198cff32cd42e7ef6c3597cf80e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:62432a27f56d32a56916ea613578ae01109e4a1129ef154e0cfdcb21452b1873", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": 
"sha256:638e0bdeece4fb53d86227e0144d6ef6ec12a6f4ed35ebb9eeb69fb8647a1eab", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:6af98f2a56564f6d6ce5aec3cd6d6b4142306a57642fd1596f449e1510f6e147", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6dbb8c782a18243ab19d55def07d8a693af145e32d5a532e959add0248ec7bb8", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": "sha256:707ae15f152d2e3e610d455e9797e30a23580d0fbc5d4ff1b96471291564ecab", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:712be482d236ed8355d289dd28c1741f7056eb85277340a8e5e98c1f6be759b6", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:720b0f13c4f74054a28fa80c5c9402311cfc55b77bce2b8dce8f9ca2d3aea5ca", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:74a2a9cc00683ec9618024abaf0c60398ff6dd4333b764ae5a45d36d9c62ab36", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:74b4903c99c974d7334cf636883f3f0e9b623f56d0aaa3b08b6984bd5744cb84", + "repoTags": [ + 
"mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:780ddb9840f9468e2b5fcc260e5ef6d7a3ce9f33be987fd69b8bd68a4d2f663b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:783c2028c9db5963e5d95b3dda2a57b75c2b82ed52012c38c5bf38086f3a207e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:790c4e91f08b87b1d29a7c24131803470e6fc13158247bc8f537c4a54ccd19f1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:7967ff637bc02782a265da08a9b2fa25ed9260f5afe22fcef22114265c28bad7", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7ac4a0264620269872de83cd8d8ffc3dc9c4f8f1aa1dc075c91693b543200bf3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:7c70cdfa3001ed6bf26ec76c40379689035b8b6484776a791ec8d08a3991aef0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:890d2e5c8490dc603a6ce4367e69d63a3ca41ae63dae672dd9998e93a9995cc4", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + 
"sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:891375114959d684b21c18cf3523b26ff0dccee324b45101b5c463dc08242058", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:8bb22d37b02463894fb0d8865a7bc672efcf0d44fe14223d59cbc068b59a2885", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:8ec703a8caf9c4c6a93fb453dacf8502e16de202a4d701dffdddd634372196d0", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:95415170ecc2b475736e4d24d760ba081970b09974f76370061d4de3f28428d5", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:97224bdbb8d620086c3a7b353cb50f036b47241daeb459449761a33e9964ce3a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:97fb3c290434e7782b579ccd84c641fdd2473e64e5946a723b84994748cbd0ea", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:9ad6073e60874426ff782d3294e32ad3c1576fd7ecf277de03bf6cec835ea6dc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + 
"sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:9b2c961742d72d17baca025c7de50a8ef7cbabcf89d713741c4278b5d515ef28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:9e3aa067aebba2ba9848865d3c407a5bb141865310a65f2021087a9a3aa64dda", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:a43dfb12d49198b2d2d0476ca39af2a7f7e544bb85c4269e7070ef9d23cde8da", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:a869e46777a8d81dde6466ff966051eb023b9520d0e9d673702c416ed5d78e63", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:a98373e24a1f8a62d1a7fe1e84b81bb613658f088c9017924890a3ae054bb56e", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:abb36e95ba4358fcce1edb04e7f59c9226bc272fef1a67d3aeb655e583c95244", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:b1e59235672008fecf0b6a73df25bc38a9765e901c0104fcce6b6f2868c5cec4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + 
"sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:b1f3ef2255c8ca64d9a3d1b33131d0dca101a4fb9eb824313454bb1730e6d1b9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:b3b80b6a756a3fbf600cda87007c14a36656c9c2d72ec0772986fa34370ebc6a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:b3d07208cad330195453067a3f1d7accea54006a98ff4f955f425830d13a61c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:b636c26276cc1afa2d5a5eb3d0e85a855349bc00b702087861c47ef992be72e7", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:b8255f8d0bc1e285be34a8359095d046a4e1d3e628e49d9667b977015193541c", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:bb1a3ebaf5d77f4caa527be1c2f09ab0a3ddcfcc1b40d447c3cecbc284f4de7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:bd5c4ec28e5b8187df605f314d1975a225e7bf1ec6d258b82e6457696ee815eb", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + 
}, + { + "id": "sha256:bee54938fcfd369275d7de77f40e8a5ab3ea0335473c0c2685dd955f56c62507", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:bfaaee1dfcb03adea8995fec4ceb77689d8339d76e4224cdcdeab21eb50cce77", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:bfc444e6f51cef9abcd6c5d3ed986fa6f270013a456d4d69e71b8284acd7aee6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:c3862cba675070a24d70283e1d9f5b18d2755c7ce0f2659bf7782693a97157f2", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:c3d0d12b85695f4f184a7807f874541c454fad31b62f05d7c905a6d78c22953a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:c47eff4dfbd4cb549f6dd25c0481e0e847776d52d1f727c07717acaca738e29b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:c4cd5b18af3fe5aa9d9938152160174ac7ba170d0ab1d61bd7359d55593466e8", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c53a1e0d896c490e6868b0595d6cb167c785a3a35862c74f2eaf75549979f16e", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:c7df0e05d6c807082980d57dbd2cfc59d8bde3e58f8e86a350125177dd700877", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:cb4b52f32d56b7c2e7382dd304bb2d39e1e8ed8da3777449cfca2866e22f987b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:d24b2b93882cd8850a003655fe33996206319309122685076835470b4c760fab", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + "sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:dca02241055037440b213b2bcb304132206e71e346409d656bdc44661d695769", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:df5b53e402efd722cf62f3dbd2192b03bc127657ded33a53793a15275fdca35c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:e04bdc3a452f61da0d4bd15c96107de3480bba75df9aabc1b3cb81f373728ca7", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": 
"sha256:e3a43b58db8d1cde0a546358eadc939c9cba5c9ed9267609280ee7c75a6b3a74", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:ee8ebb32fb27ddc09c181144d0d1e4fbc798ac9f61f3ee01a0c83632df380d82", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:ef32adb129c3d53f20c11109186462c4b73a79dcfffeac19ecc81443c283aee2", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:f2015264159662304c9cde852466e8bce4e9a92d666d0cebd9e337cec7262b05", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:fa7bb68e60ae67627280fd2d2c89e8462941f69946e0792f639a14df936df734", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..fe6f0ec0167 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2003 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator 
(gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ 
+└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..cb638e85098
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0-trivy-report.json
@@ -0,0 +1,4636 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmab9ztomukm", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "22.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmab9ztomukm (ubuntu 22.04)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in 
batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + 
"https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in 
batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + 
"https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + } + ] + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-arm64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-arm64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-arm64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-arm64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-arm64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-arm64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-arm64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-arm64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0.txt new file mode 100644 index 00000000000..2f0362121d1 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/202308.22.0.txt 
@@ -0,0 +1,903 @@ +Starting build on Tue Aug 22 16:27:11 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.14.0 + - nvidia-driver=-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + 
- mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + 
- mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 49040644 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 112518232 Jun 12 19:27 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 44564480 Jun 12 19:27 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 112191384 Jun 12 19:27 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 44630016 Jun 12 19:27 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 100728832 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 47054848 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 116765240 Jun 12 19:43 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 46465024 Jun 12 19:43 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 109832568 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 43581440 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 116748696 Jun 12 19:44 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 46465024 Jun 12 19:44 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 109836824 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 43581440 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 112847936 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 44630016 Jun 19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 100728832 Jun 19 17:03 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 47054848 Jun 19 17:03 
/usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 110460512 Jun 19 17:04 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 43581440 Jun 19 17:04 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 117384832 Jun 19 17:05 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 46465024 Jun 19 17:05 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:27 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:27 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 33595200 Aug 22 16:35 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 44976688 Aug 22 16:35 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 43353240 Aug 22 16:38 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 49910128 Aug 22 16:38 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 51531936 Aug 22 16:40 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 57806112 Aug 22 16:40 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 38155688 Aug 22 16:41 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +=== Installed Packages Begin +Listing... 
+adduser/jammy,now 3.118ubuntu5 all [installed,automatic] +apparmor/jammy-updates,now 3.0.4-2ubuntu2.2 arm64 [installed,automatic] +apt-transport-https/jammy-updates,now 2.4.10 all [installed] +apt-utils/jammy-updates,now 2.4.10 arm64 [installed,automatic] +apt/jammy-updates,now 2.4.10 arm64 [installed,automatic] +attr/jammy,now 1:2.5.1-1build1 arm64 [installed,automatic] +base-files/jammy-updates,now 12ubuntu4.4 arm64 [installed] +base-passwd/jammy,now 3.5.52build1 arm64 [installed] +bash-completion/jammy,now 1:2.11-5ubuntu1 all [installed,automatic] +bash/jammy,now 5.1-6ubuntu1 arm64 [installed] +bc/jammy,now 1.07.1-3build1 arm64 [installed,automatic] +bcache-tools/jammy,now 1.0.8-4ubuntu3 arm64 [installed] +bind9-dnsutils/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 arm64 [installed,automatic] +bind9-host/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 arm64 [installed,automatic] +bind9-libs/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 arm64 [installed,automatic] +binutils-aarch64-linux-gnu/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 arm64 [installed,automatic] +binutils-common/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 arm64 [installed,automatic] +binutils/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 arm64 [installed,automatic] +bolt/jammy,now 0.9.2-1 arm64 [installed] +bpftrace/jammy,now 0.14.0-1 arm64 [installed] +bsdextrautils/jammy,now 2.37.2-4ubuntu3 arm64 [installed,automatic] +bsdutils/jammy,now 1:2.37.2-4ubuntu3 arm64 [installed] +btrfs-progs/jammy,now 5.16.2-1 arm64 [installed] +build-essential/jammy,now 12.9ubuntu3 arm64 [installed] +busybox-initramfs/jammy,now 1:1.30.1-7ubuntu3 arm64 [installed,automatic] +busybox-static/jammy,now 1:1.30.1-7ubuntu3 arm64 [installed,automatic] +byobu/jammy,now 5.133-1 all [installed] +bzip2/jammy,now 1.0.8-5build1 arm64 [installed,automatic] +ca-certificates/jammy-updates,jammy-security,now 20230311ubuntu0.22.04.1 all [installed] +ceph-common/jammy-updates,now 
17.2.6-0ubuntu0.22.04.1 arm64 [installed] +cgroup-lite/jammy,now 1.15 all [installed] +chrony/jammy,now 4.2-2ubuntu2 arm64 [installed] +cifs-utils/jammy-updates,jammy-security,now 2:6.14-1ubuntu0.1 arm64 [installed] +cloud-guest-utils/jammy,now 0.32-22-g45fe84a5-0ubuntu1 all [installed] +cloud-init/jammy-updates,now 23.2.2-0ubuntu0~22.04.1 all [installed] +cloud-initramfs-copymods/jammy,now 0.47ubuntu1 all [installed] +cloud-initramfs-dyn-netconf/jammy,now 0.47ubuntu1 all [installed] +command-not-found/jammy,now 22.04.0 all [installed,automatic] +conntrack/jammy,now 1:1.4.6-2build2 arm64 [installed] +console-setup-linux/jammy,now 1.205ubuntu3 all [installed,automatic] +console-setup/jammy,now 1.205ubuntu3 all [installed,automatic] +coreutils/jammy,now 8.32-4.1ubuntu1 arm64 [installed,automatic] +cpio/jammy,now 2.13+dfsg-7 arm64 [installed,automatic] +cpp-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 arm64 [installed,automatic] +cpp-12/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +cpp/jammy,now 4:11.2.0-1ubuntu1 arm64 [installed,automatic] +cracklib-runtime/jammy,now 2.9.6-3.4build4 arm64 [installed] +cron/jammy,now 3.0pl1-137ubuntu3 arm64 [installed,automatic] +cryptsetup-bin/jammy-updates,now 2:2.4.3-1ubuntu1.1 arm64 [installed,automatic] +cryptsetup-initramfs/jammy-updates,now 2:2.4.3-1ubuntu1.1 all [installed,automatic] +cryptsetup/jammy-updates,now 2:2.4.3-1ubuntu1.1 arm64 [installed,automatic] +curl/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 arm64 [installed] +dash/jammy,now 0.5.11+git20210903+057cd650a4ed-3build1 arm64 [installed] +dbus-user-session/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 arm64 [installed,automatic] +dbus/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 arm64 [installed,automatic] +dctrl-tools/jammy,now 2.24-3build2 arm64 [installed,automatic] +debconf-i18n/jammy,now 1.5.79ubuntu1 all [installed,automatic] +debconf/jammy,now 1.5.79ubuntu1 all [installed,automatic] 
+debianutils/jammy,now 5.5-1ubuntu2 arm64 [installed,automatic] +device-tree-compiler/jammy,now 1.6.1-1 arm64 [installed,automatic] +devio/jammy,now 1.2-1.2build3 arm64 [installed,automatic] +diffutils/jammy,now 1:3.8-0ubuntu2 arm64 [installed] +dirmngr/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 arm64 [installed] +distro-info-data/jammy-updates,now 0.52ubuntu0.4 all [installed,automatic] +distro-info/jammy-updates,now 1.1ubuntu0.1 arm64 [installed,automatic] +dkms/jammy-updates,now 2.8.7-2ubuntu2.2 all [installed] +dmeventd/jammy,now 2:1.02.175-2.1ubuntu4 arm64 [installed,automatic] +dmidecode/jammy-updates,now 3.3-3ubuntu0.1 arm64 [installed,automatic] +dmsetup/jammy,now 2:1.02.175-2.1ubuntu4 arm64 [installed,automatic] +dnsutils/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 all [installed] +dosfstools/jammy,now 4.2-1build3 arm64 [installed,automatic] +dpkg-dev/jammy-updates,now 1.21.1ubuntu2.2 all [installed,automatic] +dpkg/jammy-updates,now 1.21.1ubuntu2.2 arm64 [installed,automatic] +e2fsprogs/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 arm64 [installed,automatic] +eatmydata/jammy,now 130-2build1 all [installed] +ebtables/jammy,now 2.0.11-4build2 arm64 [installed] +ed/jammy,now 1.18-1 arm64 [installed,automatic] +efibootmgr/jammy,now 17-1ubuntu2 arm64 [installed] +eject/jammy,now 2.37.2-4ubuntu3 arm64 [installed,automatic] +ethtool/jammy,now 1:5.16-1 arm64 [installed] +fdisk/jammy,now 2.37.2-4ubuntu3 arm64 [installed,automatic] +file/jammy,now 1:5.41-3 arm64 [installed,automatic] +finalrd/jammy,now 9build1 all [installed,automatic] +findutils/jammy,now 4.8.0-1ubuntu3 arm64 [installed] +flash-kernel/jammy-updates,now 3.104ubuntu16 arm64 [installed] +fonts-ubuntu-console/jammy,now 0.83-6ubuntu1 all [installed] +friendly-recovery/jammy,now 0.2.42 all [installed,automatic] +ftp/jammy,now 20210827-4build1 all [installed,automatic] +fuse3/jammy,now 3.10.5-1build1 arm64 [installed,automatic] +fwupd-signed/jammy-updates,now 
1.51.1~22.04.1+1.4-0ubuntu0.1 arm64 [installed] +g++-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 arm64 [installed,automatic] +g++/jammy,now 4:11.2.0-1ubuntu1 arm64 [installed,automatic] +gawk/jammy,now 1:5.1.0-1build3 arm64 [installed,automatic] +gcc-11-base/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 arm64 [installed,automatic] +gcc-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 arm64 [installed,automatic] +gcc-12-base/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +gcc-12/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +gcc/jammy,now 4:11.2.0-1ubuntu1 arm64 [installed] +gdisk/jammy,now 1.0.8-4build1 arm64 [installed,automatic] +gettext-base/jammy,now 0.21-4ubuntu4 arm64 [installed,automatic] +gir1.2-glib-2.0/jammy,now 1.72.0-1 arm64 [installed,automatic] +gir1.2-packagekitglib-1.0/jammy,now 1.2.5-2ubuntu2 arm64 [installed,automatic] +git-man/jammy-updates,now 1:2.34.1-1ubuntu1.10 all [installed,automatic] +git/jammy-updates,now 1:2.34.1-1ubuntu1.10 arm64 [installed] +glusterfs-client/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 arm64 [installed] +glusterfs-common/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 arm64 [installed,automatic] +gnupg-l10n/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed,automatic] +gnupg-utils/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 arm64 [installed,automatic] +gnupg/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed] +gpg-agent/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 arm64 [installed,automatic] +gpg-wks-client/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 arm64 [installed,automatic] +gpg-wks-server/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 arm64 [installed,automatic] +gpg/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 arm64 [installed,automatic] +gpgconf/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 arm64 [installed,automatic] 
+gpgsm/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 arm64 [installed,automatic] +gpgv/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 arm64 [installed,automatic] +grep/jammy,now 3.7-1build1 arm64 [installed] +groff-base/jammy,now 1.22.4-8build1 arm64 [installed,automatic] +grub-common/jammy-updates,now 2.06-2ubuntu7.2 arm64 [installed] +grub-efi-arm64-bin/jammy-updates,now 2.06-2ubuntu14.1 arm64 [installed] +grub-efi-arm64-signed/jammy-updates,now 1.187.3~22.04.1+2.06-2ubuntu14.1 arm64 [installed] +grub-efi-arm64/jammy-updates,now 2.06-2ubuntu14.1 arm64 [installed] +grub2-common/jammy-updates,now 2.06-2ubuntu7.2 arm64 [installed] +gzip/jammy-updates,now 1.10-4ubuntu4.1 arm64 [installed] +hdparm/jammy,now 9.60+ds-1build3 arm64 [installed,automatic] +hostname/jammy,now 3.23ubuntu2 arm64 [installed] +htop/jammy,now 3.0.5-7build2 arm64 [installed] +iftop/jammy,now 1.0~pre4-7 arm64 [installed] +info/jammy,now 6.8-4build1 arm64 [installed,automatic] +init-system-helpers/jammy,now 1.62 all [installed] +init/jammy,now 1.62 arm64 [installed] +initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.4 arm64 [installed,automatic] +initramfs-tools-core/jammy-updates,now 0.140ubuntu13.4 all [installed,automatic] +initramfs-tools/jammy-updates,now 0.140ubuntu13.4 all [installed] +inotify-tools/jammy,now 3.22.1.0-2 arm64 [installed] +install-info/jammy,now 6.8-4build1 arm64 [installed,automatic] +iotop/jammy-updates,now 0.6-24-g733f3f8-1.1ubuntu0.1 arm64 [installed] +iproute2/jammy,now 5.15.0-1ubuntu2 arm64 [installed] +ipset/jammy,now 7.15-1build1 arm64 [installed] +iptables/jammy-updates,now 1.8.7-1ubuntu5.1 arm64 [installed] +iputils-ping/jammy,now 3:20211215-1 arm64 [installed,automatic] +iputils-tracepath/jammy,now 3:20211215-1 arm64 [installed,automatic] +irqbalance/jammy,now 1.8.0-1build1 arm64 [installed,automatic] +isc-dhcp-client/jammy-updates,now 4.4.1-2.3ubuntu2.4 arm64 [installed,automatic] +isc-dhcp-common/jammy-updates,now 4.4.1-2.3ubuntu2.4 arm64 
[installed,automatic] +iso-codes/jammy,now 4.9.0-1 all [installed,automatic] +jq/jammy,now 1.6-2.1ubuntu3 arm64 [installed] +kbd/jammy-updates,now 2.3.0-3ubuntu4.22.04 arm64 [installed,automatic] +keyboard-configuration/jammy,now 1.205ubuntu3 all [installed,automatic] +keyutils/jammy,now 1.6.1-2ubuntu3 arm64 [installed] +klibc-utils/jammy,now 2.0.10-4 arm64 [installed,automatic] +kmod/jammy,now 29-1ubuntu1 arm64 [installed] +kpartx/jammy-updates,jammy-security,now 0.8.8-1ubuntu1.22.04.1 arm64 [installed,automatic] +landscape-common/jammy,now 19.12-0ubuntu13 arm64 [installed] +less/jammy-updates,jammy-security,now 590-1ubuntu0.22.04.1 arm64 [installed,automatic] +libacl1/jammy,now 2.3.1-1 arm64 [installed,automatic] +libaio1/jammy,now 0.3.112-13build1 arm64 [installed,automatic] +libapparmor1/jammy-updates,now 3.0.4-2ubuntu2.2 arm64 [installed,automatic] +libappstream4/jammy,now 0.15.2-2 arm64 [installed,automatic] +libapt-pkg6.0/jammy-updates,now 2.4.10 arm64 [installed,automatic] +libarchive13/jammy,now 3.6.0-1ubuntu1 arm64 [installed] +libargon2-1/jammy,now 0~20171227-0.3 arm64 [installed,automatic] +libasan6/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 arm64 [installed,automatic] +libasan8/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libassuan0/jammy,now 2.5.5-1build1 arm64 [installed,automatic] +libatasmart4/jammy,now 0.19-5build2 arm64 [installed] +libatm1/jammy,now 1:2.5.1-4build2 arm64 [installed,automatic] +libatomic1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libattr1/jammy,now 1:2.5.1-1build1 arm64 [installed,automatic] +libaudit-common/jammy,now 1:3.0.7-1build1 all [installed,automatic] +libaudit1/jammy,now 1:3.0.7-1build1 arm64 [installed,automatic] +libbabeltrace1/jammy,now 1.5.8-2build1 arm64 [installed,automatic] +libbinutils/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 arm64 [installed,automatic] +libblkid1/jammy,now 2.37.2-4ubuntu3 arm64 
[installed,automatic] +libblockdev-crypto2/jammy,now 2.26-1 arm64 [installed] +libblockdev-fs2/jammy,now 2.26-1 arm64 [installed] +libblockdev-loop2/jammy,now 2.26-1 arm64 [installed] +libblockdev-part-err2/jammy,now 2.26-1 arm64 [installed] +libblockdev-part2/jammy,now 2.26-1 arm64 [installed] +libblockdev-swap2/jammy,now 2.26-1 arm64 [installed] +libblockdev-utils2/jammy,now 2.26-1 arm64 [installed] +libblockdev2/jammy,now 2.26-1 arm64 [installed] +libboost-context1.74.0/jammy,now 1.74.0-14ubuntu3 arm64 [installed,automatic] +libboost-filesystem1.74.0/jammy,now 1.74.0-14ubuntu3 arm64 [installed,automatic] +libboost-iostreams1.74.0/jammy,now 1.74.0-14ubuntu3 arm64 [installed,automatic] +libboost-program-options1.74.0/jammy,now 1.74.0-14ubuntu3 arm64 [installed,automatic] +libboost-thread1.74.0/jammy,now 1.74.0-14ubuntu3 arm64 [installed,automatic] +libbpf0/jammy-updates,jammy-security,now 1:0.5.0-1ubuntu22.04.1 arm64 [installed,automatic] +libbpfcc/jammy,now 0.18.0+ds-2 arm64 [installed,automatic] +libbrotli1/jammy,now 1.0.9-2build6 arm64 [installed,automatic] +libbsd0/jammy,now 0.11.5-1 arm64 [installed,automatic] +libbz2-1.0/jammy,now 1.0.8-5build1 arm64 [installed,automatic] +libc-bin/jammy-updates,now 2.35-0ubuntu3.1 arm64 [installed,automatic] +libc-dev-bin/jammy-updates,now 2.35-0ubuntu3.1 arm64 [installed,automatic] +libc6-dev/jammy-updates,now 2.35-0ubuntu3.1 arm64 [installed,automatic] +libc6/jammy-updates,now 2.35-0ubuntu3.1 arm64 [installed,automatic] +libcap-ng0/jammy,now 0.7.9-2.2build3 arm64 [installed,automatic] +libcap2-bin/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 arm64 [installed,automatic] +libcap2/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 arm64 [installed,automatic] +libcbor0.8/jammy,now 0.8.0-2ubuntu1 arm64 [installed,automatic] +libcc1-0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libcephfs2/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 arm64 [installed,automatic] 
+libclang-cpp11/jammy,now 1:11.1.0-6 arm64 [installed,automatic] +libclang1-11/jammy,now 1:11.1.0-6 arm64 [installed,automatic] +libcom-err2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 arm64 [installed,automatic] +libcrack2/jammy,now 2.9.6-3.4build4 arm64 [installed,automatic] +libcrypt-dev/jammy,now 1:4.4.27-1 arm64 [installed,automatic] +libcrypt1/jammy,now 1:4.4.27-1 arm64 [installed,automatic] +libcryptsetup12/jammy-updates,now 2:2.4.3-1ubuntu1.1 arm64 [installed,automatic] +libctf-nobfd0/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 arm64 [installed,automatic] +libctf0/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 arm64 [installed,automatic] +libcurl3-gnutls/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 arm64 [installed,automatic] +libcurl4/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 arm64 [installed,automatic] +libdaxctl1/jammy,now 72.1-1 arm64 [installed,automatic] +libdb5.3/jammy,now 5.3.28+dfsg1-0.8ubuntu3 arm64 [installed,automatic] +libdbus-1-3/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 arm64 [installed,automatic] +libdebconfclient0/jammy,now 0.261ubuntu1 arm64 [installed] +libdevmapper-event1.02.1/jammy,now 2:1.02.175-2.1ubuntu4 arm64 [installed,automatic] +libdevmapper1.02.1/jammy,now 2:1.02.175-2.1ubuntu4 arm64 [installed,automatic] +libdns-export1110/jammy,now 1:9.11.19+dfsg-2.1ubuntu3 arm64 [installed,automatic] +libdpkg-perl/jammy-updates,now 1.21.1ubuntu2.2 all [installed,automatic] +libdrm-common/jammy-updates,now 2.4.113-2~ubuntu0.22.04.1 all [installed,automatic] +libdrm2/jammy-updates,now 2.4.113-2~ubuntu0.22.04.1 arm64 [installed,automatic] +libdw1/jammy,now 0.186-1build1 arm64 [installed,automatic] +libeatmydata1/jammy,now 130-2build1 arm64 [installed] +libedit2/jammy,now 3.1-20210910-1build1 arm64 [installed,automatic] +libefiboot1/jammy,now 37-6ubuntu2 arm64 [installed] +libefivar1/jammy,now 37-6ubuntu2 arm64 [installed] +libelf1/jammy,now 0.186-1build1 arm64 [installed,automatic] 
+liberror-perl/jammy,now 0.17029-1 all [installed,automatic] +libestr0/jammy,now 0.1.10-2.1build3 arm64 [installed,automatic] +libevent-core-2.1-7/jammy,now 2.1.12-stable-1build3 arm64 [installed,automatic] +libexpat1/jammy-updates,jammy-security,now 2.4.7-1ubuntu0.2 arm64 [installed,automatic] +libext2fs2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 arm64 [installed,automatic] +libfastjson4/jammy,now 0.99.9-1build2 arm64 [installed,automatic] +libfdisk1/jammy,now 2.37.2-4ubuntu3 arm64 [installed,automatic] +libfdt1/jammy,now 1.6.1-1 arm64 [installed,automatic] +libffi8/jammy,now 3.4.2-4 arm64 [installed,automatic] +libfido2-1/jammy,now 1.10.0-1 arm64 [installed,automatic] +libflashrom1/jammy,now 1.2-5build1 arm64 [installed] +libfreetype6/jammy-updates,jammy-security,now 2.11.1+dfsg-1ubuntu0.2 arm64 [installed] +libfribidi0/jammy-updates,jammy-security,now 1.0.8-2ubuntu3.1 arm64 [installed,automatic] +libftdi1-2/jammy,now 1.5-5build3 arm64 [installed] +libfuse3-3/jammy,now 3.10.5-1build1 arm64 [installed,automatic] +libfwupd2/jammy-updates,now 1.7.9-1~22.04.3 arm64 [installed] +libfwupdplugin5/jammy-updates,now 1.7.9-1~22.04.3 arm64 [installed] +libgcab-1.0-0/jammy,now 1.4-3build2 arm64 [installed] +libgcc-11-dev/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 arm64 [installed,automatic] +libgcc-12-dev/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libgcc-s1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libgcrypt20/jammy,now 1.9.4-3ubuntu3 arm64 [installed,automatic] +libgdbm-compat4/jammy,now 1.23-1 arm64 [installed,automatic] +libgdbm6/jammy,now 1.23-1 arm64 [installed,automatic] +libgfapi0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 arm64 [installed,automatic] +libgfchangelog0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 arm64 [installed,automatic] +libgfrpc0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 arm64 [installed,automatic] 
+libgfxdr0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 arm64 [installed,automatic] +libgirepository-1.0-1/jammy,now 1.72.0-1 arm64 [installed,automatic] +libglib2.0-0/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 arm64 [installed,automatic] +libglib2.0-bin/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 arm64 [installed,automatic] +libglib2.0-data/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 all [installed,automatic] +libglusterd0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 arm64 [installed,automatic] +libglusterfs0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 arm64 [installed,automatic] +libgmp10/jammy,now 2:6.2.1+dfsg-3ubuntu1 arm64 [installed,automatic] +libgnutls30/jammy-updates,jammy-security,now 3.7.3-4ubuntu1.2 arm64 [installed,automatic] +libgomp1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libgoogle-perftools4/jammy,now 2.9.1-0ubuntu3 arm64 [installed,automatic] +libgpg-error0/jammy,now 1.43-3 arm64 [installed,automatic] +libgpgme11/jammy-updates,now 1.16.0-1.2ubuntu4.1 arm64 [installed] +libgpm2/jammy,now 1.20.7-10build1 arm64 [installed,automatic] +libgssapi-krb5-2/jammy-updates,now 1.19.2-2ubuntu0.2 arm64 [installed,automatic] +libgstreamer1.0-0/jammy-updates,now 1.20.3-0ubuntu1 arm64 [installed,automatic] +libgudev-1.0-0/jammy,now 1:237-2build1 arm64 [installed] +libgusb2/jammy,now 0.3.10-1 arm64 [installed] +libhogweed6/jammy,now 3.7.3-1build2 arm64 [installed,automatic] +libhwasan0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libibverbs1/jammy,now 39.0-1 arm64 [installed,automatic] +libicu70/jammy,now 70.1-2 arm64 [installed,automatic] +libidn2-0/jammy,now 2.3.2-2build1 arm64 [installed,automatic] +libinih1/jammy,now 53-1ubuntu3 arm64 [installed,automatic] +libiniparser1/jammy,now 4.1-4ubuntu4 arm64 [installed,automatic] +libinotifytools0/jammy,now 3.22.1.0-2 arm64 [installed,automatic] +libintl-perl/jammy,now 1.26-3build2 all 
[installed,automatic] +libintl-xs-perl/jammy,now 1.26-3build2 arm64 [installed,automatic] +libip4tc2/jammy-updates,now 1.8.7-1ubuntu5.1 arm64 [installed,automatic] +libip6tc2/jammy-updates,now 1.8.7-1ubuntu5.1 arm64 [installed,automatic] +libipset13/jammy,now 7.15-1build1 arm64 [installed,automatic] +libisc-export1105/jammy,now 1:9.11.19+dfsg-2.1ubuntu3 arm64 [installed,automatic] +libisl23/jammy,now 0.24-2build1 arm64 [installed,automatic] +libisns0/jammy,now 0.101-0ubuntu2 arm64 [installed,automatic] +libitm1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libjansson4/jammy,now 2.13.1-1.1build3 arm64 [installed,automatic] +libjcat1/jammy,now 0.1.9-1 arm64 [installed] +libjq1/jammy,now 1.6-2.1ubuntu3 arm64 [installed,automatic] +libjson-c5/jammy-updates,now 0.15-3~ubuntu1.22.04.1 arm64 [installed,automatic] +libjson-glib-1.0-0/jammy,now 1.6.6-1build1 arm64 [installed] +libjson-glib-1.0-common/jammy,now 1.6.6-1build1 all [installed] +libk5crypto3/jammy-updates,now 1.19.2-2ubuntu0.2 arm64 [installed,automatic] +libkeyutils1/jammy,now 1.6.1-2ubuntu3 arm64 [installed,automatic] +libklibc/jammy,now 2.0.10-4 arm64 [installed,automatic] +libkmod2/jammy,now 29-1ubuntu1 arm64 [installed,automatic] +libkrb5-3/jammy-updates,now 1.19.2-2ubuntu0.2 arm64 [installed,automatic] +libkrb5support0/jammy-updates,now 1.19.2-2ubuntu0.2 arm64 [installed,automatic] +libksba8/jammy-updates,jammy-security,now 1.6.0-2ubuntu0.2 arm64 [installed,automatic] +libldap-2.5-0/jammy-updates,now 2.5.16+dfsg-0ubuntu0.22.04.1 arm64 [installed,automatic] +libldap-common/jammy-updates,now 2.5.16+dfsg-0ubuntu0.22.04.1 all [installed,automatic] +libllvm11/jammy,now 1:11.1.0-6 arm64 [installed,automatic] +liblmdb0/jammy,now 0.9.24-1build2 arm64 [installed,automatic] +liblocale-gettext-perl/jammy,now 1.07-4build3 arm64 [installed,automatic] +liblsan0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +liblua5.3-0/jammy,now 5.3.6-1build1 
arm64 [installed,automatic] +liblvm2cmd2.03/jammy,now 2.03.11-2.1ubuntu4 arm64 [installed,automatic] +liblz4-1/jammy,now 1.9.3-2build2 arm64 [installed,automatic] +liblzma5/jammy,now 5.2.5-2ubuntu1 arm64 [installed,automatic] +liblzo2-2/jammy,now 2.10-2build3 arm64 [installed,automatic] +libmagic-mgc/jammy,now 1:5.41-3 arm64 [installed,automatic] +libmagic1/jammy,now 1:5.41-3 arm64 [installed,automatic] +libmaxminddb0/jammy,now 1.5.2-1build2 arm64 [installed,automatic] +libmbim-glib4/jammy-updates,now 1.28.0-1~ubuntu20.04.1 arm64 [installed] +libmbim-proxy/jammy-updates,now 1.28.0-1~ubuntu20.04.1 arm64 [installed] +libmd0/jammy,now 1.0.4-1build1 arm64 [installed,automatic] +libmm-glib0/jammy-updates,now 1.20.0-1~ubuntu22.04.2 arm64 [installed] +libmnl0/jammy,now 1.0.4-3build2 arm64 [installed,automatic] +libmodule-find-perl/jammy,now 0.15-1 all [installed,automatic] +libmodule-scandeps-perl/jammy,now 1.31-1 all [installed,automatic] +libmount1/jammy,now 2.37.2-4ubuntu3 arm64 [installed,automatic] +libmpc3/jammy,now 1.2.1-2build1 arm64 [installed,automatic] +libmpdec3/jammy,now 2.5.1-2build2 arm64 [installed,automatic] +libmpfr6/jammy,now 4.1.0-3build3 arm64 [installed,automatic] +libncurses6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 arm64 [installed,automatic] +libncursesw6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 arm64 [installed,automatic] +libndctl6/jammy,now 72.1-1 arm64 [installed,automatic] +libnetfilter-conntrack3/jammy,now 1.0.9-1 arm64 [installed,automatic] +libnetplan0/jammy-updates,now 0.105-0ubuntu2~22.04.3 arm64 [installed,automatic] +libnettle8/jammy,now 3.7.3-1build2 arm64 [installed,automatic] +libnewt0.52/jammy,now 0.52.21-5ubuntu2 arm64 [installed,automatic] +libnfnetlink0/jammy,now 1.0.1-3build3 arm64 [installed,automatic] +libnfsidmap1/jammy-updates,now 1:2.6.1-1ubuntu1.2 arm64 [installed,automatic] +libnftables1/jammy-updates,now 1.0.2-1ubuntu3 arm64 [installed,automatic] +libnftnl11/jammy,now 1.2.1-1build1 arm64 
[installed,automatic] +libnghttp2-14/jammy,now 1.43.0-1build3 arm64 [installed,automatic] +libnl-3-200/jammy,now 3.5.0-0.1 arm64 [installed,automatic] +libnl-genl-3-200/jammy,now 3.5.0-0.1 arm64 [installed,automatic] +libnl-route-3-200/jammy,now 3.5.0-0.1 arm64 [installed,automatic] +libnpth0/jammy,now 1.6-3build2 arm64 [installed,automatic] +libnsl-dev/jammy,now 1.3.0-2build2 arm64 [installed,automatic] +libnsl2/jammy,now 1.3.0-2build2 arm64 [installed,automatic] +libnspr4/jammy,now 2:4.32-3build1 arm64 [installed] +libnss-systemd/jammy-updates,now 249.11-0ubuntu3.9 arm64 [installed,automatic] +libnss3/jammy-updates,jammy-security,now 2:3.68.2-0ubuntu1.2 arm64 [installed] +libntfs-3g89/jammy-updates,jammy-security,now 1:2021.8.22-3ubuntu1.2 arm64 [installed,automatic] +libnuma1/jammy,now 2.0.14-3ubuntu2 arm64 [installed,automatic] +liboath0/jammy,now 2.6.7-3build1 arm64 [installed,automatic] +libonig5/jammy,now 6.9.7.1-2build1 arm64 [installed,automatic] +libopeniscsiusr/jammy,now 2.1.5-1ubuntu1 arm64 [installed,automatic] +libp11-kit0/jammy,now 0.24.0-6build1 arm64 [installed,automatic] +libpackagekit-glib2-18/jammy,now 1.2.5-2ubuntu2 arm64 [installed,automatic] +libpam-cap/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 arm64 [installed,automatic] +libpam-modules-bin/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 arm64 [installed,automatic] +libpam-modules/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 arm64 [installed,automatic] +libpam-pwquality/jammy,now 1.4.4-1build2 arm64 [installed] +libpam-runtime/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 all [installed,automatic] +libpam-systemd/jammy-updates,now 249.11-0ubuntu3.9 arm64 [installed,automatic] +libpam0g/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 arm64 [installed,automatic] +libparted-fs-resize0/jammy,now 3.4-2build1 arm64 [installed] +libparted2/jammy,now 3.4-2build1 arm64 [installed,automatic] +libpcap0.8/jammy,now 1.10.1-4build1 arm64 [installed,automatic] 
+libpci3/jammy,now 1:3.7.0-6 arm64 [installed,automatic] +libpcre2-8-0/jammy-updates,jammy-security,now 10.39-3ubuntu0.1 arm64 [installed,automatic] +libpcre3/jammy-updates,jammy-security,now 2:8.39-13ubuntu0.22.04.1 arm64 [installed,automatic] +libperl5.34/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 arm64 [installed,automatic] +libpipeline1/jammy,now 1.5.5-1 arm64 [installed,automatic] +libplymouth5/jammy,now 0.9.5+git20211018-1ubuntu3 arm64 [installed,automatic] +libpmem1/jammy,now 1.11.1-3build1 arm64 [installed,automatic] +libpmemobj1/jammy,now 1.11.1-3build1 arm64 [installed,automatic] +libpng16-16/jammy,now 1.6.37-3build5 arm64 [installed,automatic] +libpolkit-agent-1-0/jammy,now 0.105-33 arm64 [installed,automatic] +libpolkit-gobject-1-0/jammy,now 0.105-33 arm64 [installed,automatic] +libpopt0/jammy,now 1.18-3build1 arm64 [installed,automatic] +libproc-processtable-perl/jammy,now 0.634-1build1 arm64 [installed,automatic] +libprocps8/jammy,now 2:3.3.17-6ubuntu2 arm64 [installed,automatic] +libpsl5/jammy,now 0.21.0-1.2build2 arm64 [installed,automatic] +libpwquality-common/jammy,now 1.4.4-1build2 all [installed,automatic] +libpwquality-tools/jammy,now 1.4.4-1build2 arm64 [installed] +libpwquality1/jammy,now 1.4.4-1build2 arm64 [installed,automatic] +libpython3-stdlib/jammy-updates,jammy-security,now 3.10.6-1~22.04 arm64 [installed,automatic] +libpython3.10-minimal/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 arm64 [installed,automatic] +libpython3.10-stdlib/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 arm64 [installed,automatic] +libpython3.10/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 arm64 [installed,automatic] +libqmi-glib5/jammy-updates,now 1.32.0-1ubuntu0.22.04.1 arm64 [installed] +libqmi-proxy/jammy-updates,now 1.32.0-1ubuntu0.22.04.1 arm64 [installed] +librabbitmq4/jammy,now 0.10.0-1ubuntu2 arm64 [installed,automatic] +librados2/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 arm64 [installed,automatic] 
+libradosstriper1/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 arm64 [installed,automatic] +librbd1/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 arm64 [installed,automatic] +librdmacm1/jammy,now 39.0-1 arm64 [installed,automatic] +libreadline8/jammy,now 8.1.2-1 arm64 [installed,automatic] +librtmp1/jammy,now 2.4+20151223.gitfa8646d.1-2build4 arm64 [installed,automatic] +libsasl2-2/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 arm64 [installed,automatic] +libsasl2-modules-db/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 arm64 [installed,automatic] +libsasl2-modules/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 arm64 [installed,automatic] +libseccomp2/jammy,now 2.5.3-2ubuntu2 arm64 [installed,automatic] +libselinux1/jammy,now 3.3-1build2 arm64 [installed,automatic] +libsemanage-common/jammy,now 3.3-1build2 all [installed,automatic] +libsemanage2/jammy,now 3.3-1build2 arm64 [installed,automatic] +libsensors-config/jammy,now 1:3.6.0-7ubuntu1 all [installed,automatic] +libsensors5/jammy,now 1:3.6.0-7ubuntu1 arm64 [installed,automatic] +libsepol2/jammy,now 3.3-1build1 arm64 [installed,automatic] +libsgutils2-2/jammy,now 1.46-1build1 arm64 [installed,automatic] +libsigsegv2/jammy,now 2.13-1ubuntu3 arm64 [installed,automatic] +libslang2/jammy,now 2.3.2-5build4 arm64 [installed,automatic] +libsmartcols1/jammy,now 2.37.2-4ubuntu3 arm64 [installed,automatic] +libsnappy1v5/jammy,now 1.1.8-1build3 arm64 [installed,automatic] +libsodium23/jammy,now 1.0.18-1build2 arm64 [installed,automatic] +libsort-naturally-perl/jammy,now 1.03-2 all [installed,automatic] +libsqlite3-0/jammy-updates,jammy-security,now 3.37.2-2ubuntu0.1 arm64 [installed,automatic] +libss2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 arm64 [installed,automatic] +libssh-4/jammy-updates,jammy-security,now 0.9.6-2ubuntu0.22.04.1 arm64 [installed,automatic] +libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.10 arm64 [installed,automatic] +libstdc++-11-dev/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 arm64 
[installed,automatic] +libstdc++6/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libstemmer0d/jammy,now 2.2.0-1build1 arm64 [installed,automatic] +libsysfs2/jammy,now 2.1.1-1build1 arm64 [installed,automatic] +libsystemd0/jammy-updates,now 249.11-0ubuntu3.9 arm64 [installed,automatic] +libtalloc2/jammy,now 2.3.3-2build1 arm64 [installed] +libtasn1-6/jammy,now 4.18.0-4build1 arm64 [installed,automatic] +libtcl8.6/jammy,now 8.6.12+dfsg-1build1 arm64 [installed] +libtcmalloc-minimal4/jammy,now 2.9.1-0ubuntu3 arm64 [installed,automatic] +libterm-readkey-perl/jammy,now 2.38-1build4 arm64 [installed,automatic] +libtevent0/jammy,now 0.11.0-1build1 arm64 [installed] +libtext-charwidth-perl/jammy,now 0.04-10build3 arm64 [installed,automatic] +libtext-iconv-perl/jammy,now 1.7-7build3 arm64 [installed,automatic] +libtext-wrapi18n-perl/jammy,now 0.06-9 all [installed,automatic] +libtinfo6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 arm64 [installed,automatic] +libtirpc-common/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 all [installed,automatic] +libtirpc-dev/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 arm64 [installed,automatic] +libtirpc3/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 arm64 [installed,automatic] +libtsan0/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 arm64 [installed,automatic] +libtsan2/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libtss2-esys-3.0.2-0/jammy,now 3.2.0-1ubuntu1 arm64 [installed] +libtss2-mu0/jammy,now 3.2.0-1ubuntu1 arm64 [installed] +libtss2-rc0/jammy,now 3.2.0-1ubuntu1 arm64 [installed] +libtss2-sys1/jammy,now 3.2.0-1ubuntu1 arm64 [installed] +libtss2-tcti-cmd0/jammy,now 3.2.0-1ubuntu1 arm64 [installed] +libtss2-tcti-device0/jammy,now 3.2.0-1ubuntu1 arm64 [installed] +libtss2-tcti-mssim0/jammy,now 3.2.0-1ubuntu1 arm64 [installed] +libtss2-tcti-swtpm0/jammy,now 3.2.0-1ubuntu1 arm64 [installed] +libubootenv-tool/jammy,now 0.3.2-1build1 arm64 
[installed,automatic] +libubootenv0.1/jammy,now 0.3.2-1build1 arm64 [installed,automatic] +libubsan1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 arm64 [installed,automatic] +libuchardet0/jammy,now 0.0.7-1build2 arm64 [installed,automatic] +libudev1/jammy-updates,now 249.11-0ubuntu3.9 arm64 [installed,automatic] +libudisks2-0/jammy,now 2.9.4-1ubuntu2 arm64 [installed] +libunistring2/jammy,now 1.0-1 arm64 [installed,automatic] +libunwind8/jammy-updates,now 1.3.2-2build2.1 arm64 [installed,automatic] +liburcu8/jammy,now 0.13.1-1 arm64 [installed,automatic] +libusb-1.0-0/jammy-updates,now 2:1.0.25-1ubuntu2 arm64 [installed,automatic] +libutempter0/jammy,now 1.2.1-2build2 arm64 [installed,automatic] +libuuid1/jammy,now 2.37.2-4ubuntu3 arm64 [installed,automatic] +libuv1/jammy,now 1.43.0-1 arm64 [installed,automatic] +libvolume-key1/jammy,now 0.3.12-3.1build3 arm64 [installed] +libwbclient0/jammy-updates,now 2:4.15.13+dfsg-0ubuntu1.3 arm64 [installed] +libwrap0/jammy,now 7.6.q-31build2 arm64 [installed] +libx11-6/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 arm64 [installed,automatic] +libx11-data/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 all [installed,automatic] +libxau6/jammy,now 1:1.0.9-1build5 arm64 [installed,automatic] +libxcb1/jammy,now 1.14-3ubuntu3 arm64 [installed,automatic] +libxdmcp6/jammy,now 1:1.1.3-0ubuntu5 arm64 [installed,automatic] +libxext6/jammy,now 2:1.3.4-1build1 arm64 [installed,automatic] +libxml2/jammy-updates,jammy-security,now 2.9.13+dfsg-1ubuntu0.3 arm64 [installed,automatic] +libxmlb2/jammy,now 0.3.6-2build1 arm64 [installed,automatic] +libxmuu1/jammy,now 2:1.1.3-3 arm64 [installed,automatic] +libxtables12/jammy-updates,now 1.8.7-1ubuntu5.1 arm64 [installed,automatic] +libxxhash0/jammy,now 0.8.1-1 arm64 [installed,automatic] +libyaml-0-2/jammy,now 0.2.2-1build2 arm64 [installed,automatic] +libzstd1/jammy,now 1.4.8+dfsg-3build1 arm64 [installed,automatic] 
+linux-azure-cloud-tools-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] +linux-azure-headers-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 all [installed] +linux-azure-tools-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] +linux-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 arm64 [installed] +linux-base-sgx/jammy,now 4.5ubuntu9 all [installed] +linux-base/jammy,now 4.5ubuntu9 all [installed,automatic] +linux-cloud-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] +linux-cloud-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 arm64 [installed] +linux-cloud-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] +linux-headers-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] +linux-headers-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 arm64 [installed] +linux-image-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] +linux-image-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 arm64 [installed] +linux-libc-dev/jammy-updates,jammy-security,now 5.15.0-79.86 arm64 [installed,automatic] +linux-modules-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] +linux-modules-extra-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] +linux-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] +linux-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 arm64 [installed] +linux-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] +locales/jammy-updates,now 2.35-0ubuntu3.1 all [installed,automatic] +login/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 arm64 [installed] +logrotate/jammy-updates,jammy-security,now 3.19.0-1ubuntu1.1 arm64 [installed,automatic] +logsave/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 arm64 
[installed,automatic] +lsb-base/jammy,now 11.1.0ubuntu4 all [installed,automatic] +lsb-release/jammy,now 11.1.0ubuntu4 all [installed,automatic] +lshw/jammy,now 02.19.git.2021.06.19.996aaad9c7-2build1 arm64 [installed,automatic] +lsof/jammy,now 4.93.2+dfsg-1.1build2 arm64 [installed,automatic] +lsscsi/jammy,now 0.31-1build2 arm64 [installed] +lto-disabled-list/jammy,now 24 all [installed,automatic] +lvm2/jammy,now 2.03.11-2.1ubuntu4 arm64 [installed] +lxd-agent-loader/jammy,now 0.5 all [installed] +make/jammy,now 4.3-4.1build1 arm64 [installed] +man-db/jammy,now 2.10.2-1 arm64 [installed,automatic] +manpages/jammy,now 5.10-1ubuntu1 all [installed,automatic] +mawk/jammy,now 1.3.4.20200120-3 arm64 [installed,automatic] +mdadm/jammy-updates,now 4.2-0ubuntu2 arm64 [installed] +media-types/jammy,now 7.0.0 all [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu22.04u1 arm64 [installed,upgradable to: 1.7.2+azure-ubuntu22.04u1] +moby-runc/testing,jammy,now 1.1.7+azure-ubuntu22.04u2 arm64 [installed,upgradable to: 1.1.8+azure-ubuntu22.04u1] +mokutil/jammy-updates,now 0.6.0-2~22.04.1 arm64 [installed] +motd-news-config/jammy-updates,now 12ubuntu4.4 all [installed] +mount/jammy,now 2.37.2-4ubuntu3 arm64 [installed] +mtd-utils/jammy,now 1:2.1.4-1 arm64 [installed,automatic] +mtr-tiny/jammy,now 0.95-1 arm64 [installed,automatic] +multipath-tools/jammy-updates,jammy-security,now 0.8.8-1ubuntu1.22.04.1 arm64 [installed] +nano/jammy,now 6.2-1 arm64 [installed,automatic] +ncurses-base/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 all [installed] +ncurses-bin/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 arm64 [installed] +ncurses-term/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 all [installed] +needrestart/jammy-updates,jammy-security,now 3.5-5ubuntu2.1 all [installed] +netbase/jammy,now 6.3 all [installed,automatic] +netcat-openbsd/jammy,now 1.218-4ubuntu1 arm64 [installed,automatic] +netcat/jammy,now 1.218-4ubuntu1 all [installed] 
+netplan.io/jammy-updates,now 0.105-0ubuntu2~22.04.3 arm64 [installed,automatic] +networkd-dispatcher/jammy-updates,jammy-security,now 2.1-2ubuntu0.22.04.2 all [installed,automatic] +nfs-common/jammy-updates,now 1:2.6.1-1ubuntu1.2 arm64 [installed] +nftables/jammy-updates,now 1.0.2-1ubuntu3 arm64 [installed] +ntfs-3g/jammy-updates,jammy-security,now 1:2021.8.22-3ubuntu1.2 arm64 [installed,automatic] +nvme-cli/jammy-updates,now 1.16-3ubuntu0.1 arm64 [installed] +open-iscsi/jammy,now 2.1.5-1ubuntu1 arm64 [installed] +openssh-client/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 arm64 [installed,automatic] +openssh-server/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 arm64 [installed] +openssh-sftp-server/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 arm64 [installed] +openssl/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.10 arm64 [installed,automatic] +overlayroot/jammy,now 0.47ubuntu1 all [installed] +packagekit-tools/jammy,now 1.2.5-2ubuntu2 arm64 [installed,automatic] +packagekit/jammy,now 1.2.5-2ubuntu2 arm64 [installed,automatic] +packages-microsoft-prod/jammy,now 1.0-ubuntu22.04.1 all [installed] +parted/jammy,now 3.4-2build1 arm64 [installed,automatic] +passwd/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 arm64 [installed,automatic] +pastebinit/jammy,now 1.5.1-1ubuntu1 all [installed,automatic] +patch/jammy,now 2.7.6-7build2 arm64 [installed] +pci.ids/jammy,now 0.0~2022.01.22-1 all [installed,automatic] +pciutils/jammy,now 1:3.7.0-6 arm64 [installed,automatic] +perl-base/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 arm64 [installed,automatic] +perl-modules-5.34/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 all [installed,automatic] +perl/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 arm64 [installed,automatic] +pigz/jammy,now 2.6-1 arm64 [installed] +pinentry-curses/jammy,now 1.1.1-1build2 arm64 [installed,automatic] +pkexec/jammy,now 0.105-33 arm64 [installed,automatic] +plymouth-theme-ubuntu-text/jammy,now 
0.9.5+git20211018-1ubuntu3 arm64 [installed,automatic] +plymouth/jammy,now 0.9.5+git20211018-1ubuntu3 arm64 [installed,automatic] +policykit-1/jammy,now 0.105-33 arm64 [installed,automatic] +polkitd/jammy,now 0.105-33 arm64 [installed,automatic] +pollinate/jammy,now 4.33-3ubuntu2 all [installed] +powermgmt-base/jammy,now 1.36 all [installed,automatic] +procps/jammy,now 2:3.3.17-6ubuntu2 arm64 [installed,automatic] +psmisc/jammy,now 23.4-2build3 arm64 [installed,automatic] +publicsuffix/jammy,now 20211207.1025-1 all [installed,automatic] +python-apt-common/jammy-updates,now 2.4.0ubuntu2 all [installed,automatic] +python-babel-localedata/jammy,now 2.8.0+dfsg.1-7 all [installed] +python3-apt/jammy-updates,now 2.4.0ubuntu2 arm64 [installed,automatic] +python3-attr/jammy,now 21.2.0-1 all [installed,automatic] +python3-automat/jammy,now 20.2.0-1 all [installed,automatic] +python3-babel/jammy,now 2.8.0+dfsg.1-7 all [installed] +python3-bcrypt/jammy,now 3.2.0-1build1 arm64 [installed,automatic] +python3-blinker/jammy,now 1.4+dfsg1-0.4 all [installed,automatic] +python3-ceph-argparse/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 arm64 [installed,automatic] +python3-ceph-common/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 all [installed,automatic] +python3-cephfs/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 arm64 [installed,automatic] +python3-certifi/jammy,now 2020.6.20-1 all [installed] +python3-cffi-backend/jammy,now 1.15.0-1build2 arm64 [installed,automatic] +python3-chardet/jammy,now 4.0.0-1 all [installed,automatic] +python3-click/jammy,now 8.0.3-1 all [installed,automatic] +python3-colorama/jammy,now 0.4.4-1 all [installed,automatic] +python3-commandnotfound/jammy,now 22.04.0 all [installed,automatic] +python3-configobj/jammy,now 5.0.6-5 all [installed,automatic] +python3-constantly/jammy,now 15.1.0-2 all [installed,automatic] +python3-cryptography/jammy,now 3.4.8-1ubuntu2 arm64 [installed,automatic] +python3-dbus/jammy,now 1.2.18-3build1 arm64 [installed,automatic] 
+python3-debconf/jammy,now 1.5.79ubuntu1 all [installed,automatic] +python3-debian/jammy-updates,now 0.1.43ubuntu1.1 all [installed,automatic] +python3-distro-info/jammy-updates,now 1.1ubuntu0.1 all [installed,automatic] +python3-distro/jammy,now 1.7.0-1 all [installed,automatic] +python3-distupgrade/jammy-updates,now 1:22.04.17 all [installed,automatic] +python3-distutils/jammy-updates,jammy-security,now 3.10.8-1~22.04 all [installed] +python3-gdbm/jammy-updates,jammy-security,now 3.10.8-1~22.04 arm64 [installed,automatic] +python3-gi/jammy-updates,now 3.42.1-0ubuntu1 arm64 [installed,automatic] +python3-hamcrest/jammy,now 2.0.2-2 all [installed,automatic] +python3-httplib2/jammy,now 0.20.2-2 all [installed,automatic] +python3-hyperlink/jammy,now 21.0.0-3 all [installed,automatic] +python3-idna/jammy,now 3.3-1 all [installed,automatic] +python3-importlib-metadata/jammy,now 4.6.4-1 all [installed,automatic] +python3-incremental/jammy,now 21.3.0-1 all [installed,automatic] +python3-jeepney/jammy,now 0.7.1-3 all [installed,automatic] +python3-jinja2/jammy,now 3.0.3-1 all [installed] +python3-json-pointer/jammy,now 2.0-0ubuntu1 all [installed] +python3-jsonpatch/jammy,now 1.32-2 all [installed] +python3-jsonschema/jammy,now 3.2.0-0ubuntu2 all [installed] +python3-jwt/jammy-updates,jammy-security,now 2.3.0-1ubuntu0.2 all [installed,automatic] +python3-keyring/jammy,now 23.5.0-1 all [installed,automatic] +python3-launchpadlib/jammy,now 1.10.16-1 all [installed,automatic] +python3-lazr.restfulclient/jammy,now 0.14.4-1 all [installed,automatic] +python3-lazr.uri/jammy,now 1.0.6-2 all [installed,automatic] +python3-lib2to3/jammy-updates,jammy-security,now 3.10.8-1~22.04 all [installed] +python3-magic/jammy,now 2:0.4.24-2 all [installed,automatic] +python3-markupsafe/jammy,now 2.0.1-2build1 arm64 [installed] +python3-minimal/jammy-updates,jammy-security,now 3.10.6-1~22.04 arm64 [installed,automatic] +python3-more-itertools/jammy,now 8.10.0-2 all [installed,automatic] 
+python3-netifaces/jammy,now 0.11.0-1build2 arm64 [installed,automatic] +python3-newt/jammy,now 0.52.21-5ubuntu2 arm64 [installed,automatic] +python3-oauthlib/jammy-updates,jammy-security,now 3.2.0-1ubuntu0.1 all [installed,automatic] +python3-openssl/jammy,now 21.0.0-1 all [installed,automatic] +python3-parted/jammy,now 3.11.7-1build1 arm64 [installed] +python3-pexpect/jammy,now 4.8.0-2ubuntu1 all [installed,automatic] +python3-pkg-resources/jammy-updates,jammy-security,now 59.6.0-1.2ubuntu0.22.04.1 all [installed,automatic] +python3-prettytable/jammy,now 2.5.0-2 all [installed,automatic] +python3-ptyprocess/jammy,now 0.7.0-3 all [installed,automatic] +python3-pyasn1-modules/jammy,now 0.2.1-1 all [installed,automatic] +python3-pyasn1/jammy,now 0.4.8-1 all [installed,automatic] +python3-pyparsing/jammy,now 2.4.7-1 all [installed,automatic] +python3-pyrsistent/jammy,now 0.18.1-1build1 arm64 [installed] +python3-rados/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 arm64 [installed,automatic] +python3-rbd/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 arm64 [installed,automatic] +python3-requests/jammy-updates,jammy-security,now 2.25.1+dfsg-2ubuntu0.1 all [installed] +python3-secretstorage/jammy,now 3.3.1-1 all [installed,automatic] +python3-serial/jammy,now 3.5-1 all [installed] +python3-service-identity/jammy,now 18.1.0-6 all [installed,automatic] +python3-setuptools/jammy-updates,jammy-security,now 59.6.0-1.2ubuntu0.22.04.1 all [installed] +python3-six/jammy,now 1.16.0-3ubuntu1 all [installed,automatic] +python3-software-properties/jammy-updates,now 0.99.22.7 all [installed,automatic] +python3-twisted/jammy-updates,jammy-security,now 22.1.0-2ubuntu2.3 all [installed,automatic] +python3-tz/jammy-updates,now 2022.1-1ubuntu0.22.04.1 all [installed] +python3-update-manager/jammy-updates,now 1:22.04.10 all [installed,automatic] +python3-urllib3/jammy,now 1.26.5-1~exp1 all [installed] +python3-wadllib/jammy,now 1.3.6-1 all [installed,automatic] +python3-wcwidth/jammy,now 
0.2.5+dfsg1-1 all [installed,automatic] +python3-yaml/jammy,now 5.4.1-1ubuntu1 arm64 [installed,automatic] +python3-zipp/jammy,now 1.0.0-3 all [installed,automatic] +python3-zope.interface/jammy,now 5.4.0-1build1 arm64 [installed,automatic] +python3.10-minimal/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 arm64 [installed,automatic] +python3.10/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 arm64 [installed,automatic] +python3/jammy-updates,jammy-security,now 3.10.6-1~22.04 arm64 [installed] +readline-common/jammy,now 8.1.2-1 all [installed,automatic] +rng-tools-debian/jammy,now 2.3 arm64 [installed] +rpcbind/jammy,now 1.2.6-2build1 arm64 [installed,automatic] +rpcsvc-proto/jammy,now 1.4.2-0ubuntu6 arm64 [installed,automatic] +rsync/jammy-updates,jammy-security,now 3.2.7-0ubuntu0.22.04.2 arm64 [installed,automatic] +rsyslog/jammy-updates,jammy-security,now 8.2112.0-2ubuntu2.2 arm64 [installed,automatic] +run-one/jammy,now 1.17-0ubuntu1 all [installed,automatic] +sbsigntool/jammy,now 0.9.4-2ubuntu2 arm64 [installed] +screen/jammy,now 4.9.0-1 arm64 [installed] +secureboot-db/jammy,now 1.8 arm64 [installed] +sed/jammy,now 4.8-1ubuntu2 arm64 [installed,automatic] +sensible-utils/jammy,now 0.0.17 all [installed,automatic] +sg3-utils-udev/jammy,now 1.46-1build1 all [installed,automatic] +sg3-utils/jammy,now 1.46-1build1 arm64 [installed,automatic] +shared-mime-info/jammy,now 2.1-2 arm64 [installed,automatic] +shim-signed/jammy-updates,now 1.51.3+15.7-0ubuntu1 arm64 [installed] +socat/jammy,now 1.7.4.1-3ubuntu4 arm64 [installed] +software-properties-common/jammy-updates,now 0.99.22.7 all [installed] +sosreport/jammy-updates,now 4.5.6-0ubuntu1~22.04.1 arm64 [installed] +ssh-import-id/jammy,now 5.11-0ubuntu1 all [installed] +strace/jammy,now 5.16-0ubuntu3 arm64 [installed,automatic] +sudo/jammy-updates,jammy-security,now 1.9.9-1ubuntu2.4 arm64 [installed,automatic] +sysfsutils/jammy,now 2.1.1-1build1 arm64 [installed] +sysstat/jammy-updates,jammy-security,now 
12.5.2-2ubuntu0.2 arm64 [installed] +systemd-hwe-hwdb/jammy-updates,now 249.11.3 all [installed,automatic] +systemd-sysv/jammy-updates,now 249.11-0ubuntu3.9 arm64 [installed,automatic] +systemd/jammy-updates,now 249.11-0ubuntu3.9 arm64 [installed,automatic] +sysvinit-utils/jammy,now 3.01-1ubuntu1 arm64 [installed] +tar/jammy-updates,jammy-security,now 1.34+dfsg-1ubuntu0.1.22.04.1 arm64 [installed,automatic] +tcl8.6/jammy,now 8.6.12+dfsg-1build1 arm64 [installed] +tcl/jammy,now 8.6.11+1build2 arm64 [installed] +tcpdump/jammy-updates,now 4.99.1-3ubuntu0.1 arm64 [installed,automatic] +telnet/jammy,now 0.17-44build1 arm64 [installed,automatic] +thin-provisioning-tools/jammy,now 0.9.0-2ubuntu1 arm64 [installed,automatic] +time/jammy,now 1.9-0.1build2 arm64 [installed,automatic] +tmux/jammy-updates,jammy-security,now 3.2a-4ubuntu0.2 arm64 [installed] +tnftp/jammy,now 20210827-4build1 arm64 [installed,automatic] +tpm-udev/jammy,now 0.6 all [installed] +traceroute/jammy,now 1:2.1.0-2 arm64 [installed] +tzdata/jammy-updates,now 2023c-0ubuntu0.22.04.2 all [installed,automatic] +u-boot-tools/jammy-updates,now 2022.01+dfsg-2ubuntu2.4 arm64 [installed,automatic] +ubuntu-advantage-tools/jammy-updates,now 28.1~22.04 arm64 [installed,automatic] +ubuntu-keyring/jammy,now 2021.03.26 all [installed,automatic] +ubuntu-minimal/jammy-updates,now 1.481.1 arm64 [installed] +ubuntu-release-upgrader-core/jammy-updates,now 1:22.04.17 all [installed,automatic] +ubuntu-standard/jammy-updates,now 1.481.1 arm64 [installed] +ucf/jammy,now 3.0043 all [installed,automatic] +udev/jammy-updates,now 249.11-0ubuntu3.9 arm64 [installed,automatic] +ufw/jammy-updates,now 0.36.1-4ubuntu0.1 all [installed,automatic] +unattended-upgrades/jammy,now 2.8ubuntu1 all [installed] +update-manager-core/jammy-updates,now 1:22.04.10 all [installed,automatic] +update-notifier-common/jammy-updates,now 3.192.54.6 all [installed] +usb-modeswitch-data/jammy,now 20191128-4 all [installed] +usb-modeswitch/jammy,now 
2.6.1-3ubuntu2 arm64 [installed] +usb.ids/jammy,now 2022.04.02-1 all [installed,automatic] +usbutils/jammy,now 1:014-1build1 arm64 [installed,automatic] +usrmerge/jammy,now 25ubuntu2 all [installed,automatic] +util-linux/jammy,now 2.37.2-4ubuntu3 arm64 [installed] +uuid-runtime/jammy,now 2.37.2-4ubuntu3 arm64 [installed,automatic] +vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 arm64 [installed,automatic] +vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 arm64 [installed] +walinuxagent/jammy-updates,now 2.2.46-0ubuntu5.1 arm64 [installed] +wget/jammy,now 1.21.2-2ubuntu1 arm64 [installed,automatic] +whiptail/jammy,now 0.52.21-5ubuntu2 arm64 [installed,automatic] +wireless-regdb/jammy-updates,jammy-security,now 2022.06.06-0ubuntu1~22.04.1 all [installed,automatic] +xauth/jammy,now 1:1.1-1build2 arm64 [installed,automatic] +xdg-user-dirs/jammy,now 0.17-2ubuntu4 arm64 [installed,automatic] +xfsprogs/jammy,now 5.13.0-1ubuntu2 arm64 [installed] +xkb-data/jammy,now 2.33-1 all [installed,automatic] +xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 arm64 [installed,automatic] +xz-utils/jammy,now 5.2.5-2ubuntu1 arm64 [installed] +zip/jammy,now 3.0-12build2 arm64 [installed] +zlib1g/jammy-updates,jammy-security,now 1:1.2.11.dfsg-2ubuntu9.2 arm64 [installed,automatic] +zstd/jammy,now 1.4.8+dfsg-3build1 arm64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +/dev/root 29G 19G 11G 64% / +tmpfs 7.8G 0 7.8G 0% /dev/shm +tmpfs 3.2G 708K 3.2G 1% /run +tmpfs 5.0M 0 5.0M 0% /run/lock +/dev/sda15 98M 6.3M 92M 7% /boot/efi +/dev/sdb1 147G 32K 140G 1% /mnt +tmpfs 1.6G 0 1.6G 0% /run/user/1000 +Using kernel: +Linux version 5.15.0-1041-azure (buildd@bos01-arm64-004) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 
11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #48-Ubuntu SMP Tue Jun 20 20:33:52 UTC 2023 +Install completed successfully on Tue Aug 22 17:01:44 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 22.04 +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: False +=== os-release Begin +PRETTY_NAME="Ubuntu 22.04.3 LTS" +NAME="Ubuntu" +VERSION_ID="22.04" +VERSION="22.04.3 LTS (Jammy Jellyfish)" +VERSION_CODENAME=jammy +ID=ubuntu +ID_LIKE=debian +HOME_URL="https://www.ubuntu.com/" +SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +UBUNTU_CODENAME=jammy +=== os-release End diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-image-list.json index d426e506266..e927a8b47f8 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "2204gen2arm64containerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:029e28acfa0a78d29a9be5f20a060c87a74ec8523f525522acb9411121866b3b", @@ -354,15 +354,6 @@ "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" ] }, - { - "id": "sha256:7088c136b71b7d895d89ae1f8fc0c9e42a0848bfb0deddbd07b17027ca26da2a", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:712be482d236ed8355d289dd28c1741f7056eb85277340a8e5e98c1f6be759b6", "repoTags": [ 
@@ -408,6 +399,24 @@ "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" ] }, + { + "id": "sha256:783c2028c9db5963e5d95b3dda2a57b75c2b82ed52012c38c5bf38086f3a207e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:790c4e91f08b87b1d29a7c24131803470e6fc13158247bc8f537c4a54ccd19f1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:7967ff637bc02782a265da08a9b2fa25ed9260f5afe22fcef22114265c28bad7", "repoTags": [ @@ -471,6 +480,15 @@ "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" ] }, + { + "id": "sha256:95415170ecc2b475736e4d24d760ba081970b09974f76370061d4de3f28428d5", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:97224bdbb8d620086c3a7b353cb50f036b47241daeb459449761a33e9964ce3a", "repoTags": [ 
@@ -490,30 +508,30 @@ ] }, { - "id": "sha256:9b2c961742d72d17baca025c7de50a8ef7cbabcf89d713741c4278b5d515ef28", + "id": "sha256:9ad6073e60874426ff782d3294e32ad3c1576fd7ecf277de03bf6cec835ea6dc", "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" ], "repoDigests": [ - "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" ] }, { - "id": "sha256:9e3aa067aebba2ba9848865d3c407a5bb141865310a65f2021087a9a3aa64dda", + "id": "sha256:9b2c961742d72d17baca025c7de50a8ef7cbabcf89d713741c4278b5d515ef28", "repoTags": [ - "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" ], "repoDigests": [ - "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" ] }, { - "id": "sha256:a1ded08b449f78cddc547b740eaabc1cd8eb70dcf19211cc6cfccb23c0e2cec1", + "id": "sha256:9e3aa067aebba2ba9848865d3c407a5bb141865310a65f2021087a9a3aa64dda", "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" ], "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" ] }, { @@ -696,15 +714,6 @@ "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" ] }, - { - "id": "sha256:c7ddf09993fce7d508c8cd83a4d0d1114aa75cb601006642e5a7bc746579ce16", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:c7df0e05d6c807082980d57dbd2cfc59d8bde3e58f8e86a350125177dd700877", "repoTags": [ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-trivy-images-table.txt index 030c20a20c7..fe6f0ec0167 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-trivy-report.json index 5a031995beb..cb638e85098 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmwtnfepft51", + "ArtifactName": "pkrvmab9ztomukm", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmwtnfepft51 (ubuntu 22.04)", + "Target": "pkrvmab9ztomukm (ubuntu 22.04)", "Class": "os-pkgs", "Type": "ubuntu", "Vulnerabilities": [ 
@@ -82,10 +82,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -190,10 +191,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -235,6 +237,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -249,7 +252,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -368,10 +371,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -476,10 +480,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -521,6 +526,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -535,7 +541,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -654,10 +660,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -762,10 +769,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -807,6 +815,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -821,7 +830,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -940,10 +949,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1048,10 +1058,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1093,6 +1104,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1107,7 +1119,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1226,10 +1238,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1334,10 +1347,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1379,6 +1393,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1393,7 +1408,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1512,10 +1527,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1620,10 +1636,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1665,6 +1682,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1679,7 +1697,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1798,10 +1816,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1906,10 +1925,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1951,6 +1971,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1965,7 +1986,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -2084,10 +2105,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -2192,10 +2214,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -2237,6 +2260,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -2251,7 +2275,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -3893,7 +3917,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -3902,7 +3928,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4052,7 +4078,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4061,7 +4089,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4211,7 +4239,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4220,7 +4250,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4370,7 +4400,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4379,7 +4411,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -4532,7 +4564,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4541,7 +4575,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest.txt index 2563e94f7c6..2f0362121d1 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204arm64containerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:14:21 UTC 2023 +Starting build on Tue Aug 22 16:27:11 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -129,15 +130,15 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 43581440 Jun 19 17:04 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 117384832 Jun 19 17:05 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 46465024 Jun 19 17:05 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:14 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:14 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 33595200 Aug 16 17:22 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 44976688 Aug 16 17:22 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 43353240 Aug 16 17:25 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 49910128 Aug 16 17:25 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 51531936 Aug 16 17:27 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 57806112 Aug 16 17:27 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 38155688 Aug 16 17:27 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-r-xr--r-- 1 root root 2462 Aug 22 16:27 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:27 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 33595200 Aug 22 16:35 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 44976688 Aug 22 16:35 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 43353240 Aug 22 16:38 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 49910128 Aug 22 16:38 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 51531936 Aug 22 16:40 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 57806112 Aug 22 16:40 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 38155688 Aug 22 16:41 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 === Installed Packages Begin Listing... adduser/jammy,now 3.118ubuntu5 all [installed,automatic] 
@@ -242,7 +243,7 @@ gdisk/jammy,now 1.0.8-4build1 arm64 [installed,automatic] gettext-base/jammy,now 0.21-4ubuntu4 arm64 [installed,automatic] gir1.2-glib-2.0/jammy,now 1.72.0-1 arm64 [installed,automatic] gir1.2-packagekitglib-1.0/jammy,now 1.2.5-2ubuntu2 arm64 [installed,automatic] -git-man/jammy-security,now 1:2.34.1-1ubuntu1.9 all [installed,upgradable to: 1:2.34.1-1ubuntu1.10] +git-man/jammy-updates,now 1:2.34.1-1ubuntu1.10 all [installed,automatic] git/jammy-updates,now 1:2.34.1-1ubuntu1.10 arm64 [installed] glusterfs-client/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 arm64 [installed] glusterfs-common/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 arm64 [installed,automatic] @@ -271,9 +272,9 @@ iftop/jammy,now 1.0~pre4-7 arm64 [installed] info/jammy,now 6.8-4build1 arm64 [installed,automatic] init-system-helpers/jammy,now 1.62 all [installed] init/jammy,now 1.62 arm64 [installed] -initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.2 arm64 [installed,automatic] -initramfs-tools-core/jammy-updates,now 0.140ubuntu13.2 all [installed,automatic] -initramfs-tools/jammy-updates,now 0.140ubuntu13.2 all [installed] +initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.4 arm64 [installed,automatic] +initramfs-tools-core/jammy-updates,now 0.140ubuntu13.4 all [installed,automatic] +initramfs-tools/jammy-updates,now 0.140ubuntu13.4 all [installed] inotify-tools/jammy,now 3.22.1.0-2 arm64 [installed] install-info/jammy,now 6.8-4build1 arm64 [installed,automatic] iotop/jammy-updates,now 0.6-24-g733f3f8-1.1ubuntu0.1 arm64 [installed] 
@@ -601,7 +602,7 @@ libutempter0/jammy,now 1.2.1-2build2 arm64 [installed,automatic] libuuid1/jammy,now 2.37.2-4ubuntu3 arm64 [installed,automatic] libuv1/jammy,now 1.43.0-1 arm64 [installed,automatic] libvolume-key1/jammy,now 0.3.12-3.1build3 arm64 [installed] -libwbclient0/jammy-security,now 2:4.15.13+dfsg-0ubuntu1.2 arm64 [installed,upgradable to: 2:4.15.13+dfsg-0ubuntu1.3] +libwbclient0/jammy-updates,now 2:4.15.13+dfsg-0ubuntu1.3 arm64 [installed] libwrap0/jammy,now 7.6.q-31build2 arm64 [installed] libx11-6/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 arm64 [installed,automatic] libx11-data/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 all [installed,automatic] 
@@ -624,17 +625,17 @@ linux-base-sgx/jammy,now 4.5ubuntu9 all [installed] linux-base/jammy,now 4.5ubuntu9 all [installed,automatic] linux-cloud-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] linux-cloud-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 arm64 [installed] -linux-cloud-tools-common/jammy-updates,now 5.15.0-79.86 all [installed] +linux-cloud-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] linux-headers-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] linux-headers-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 arm64 [installed] linux-image-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] linux-image-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 arm64 [installed] -linux-libc-dev/jammy-updates,now 5.15.0-79.86 arm64 [installed,automatic] +linux-libc-dev/jammy-updates,jammy-security,now 5.15.0-79.86 arm64 [installed,automatic] linux-modules-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] linux-modules-extra-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] linux-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 arm64 [installed] linux-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 arm64 [installed] -linux-tools-common/jammy-updates,now 5.15.0-79.86 all [installed] +linux-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] locales/jammy-updates,now 2.35-0ubuntu3.1 all [installed,automatic] login/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 arm64 [installed] logrotate/jammy-updates,jammy-security,now 3.19.0-1ubuntu1.1 arm64 [installed,automatic] 
@@ -807,7 +808,7 @@ shared-mime-info/jammy,now 2.1-2 arm64 [installed,automatic] shim-signed/jammy-updates,now 1.51.3+15.7-0ubuntu1 arm64 [installed] socat/jammy,now 1.7.4.1-3ubuntu4 arm64 [installed] software-properties-common/jammy-updates,now 0.99.22.7 all [installed] -sosreport/jammy-updates,now 4.4-1ubuntu1.22.04.1 arm64 [installed] +sosreport/jammy-updates,now 4.5.6-0ubuntu1~22.04.1 arm64 [installed] ssh-import-id/jammy,now 5.11-0ubuntu1 all [installed] strace/jammy,now 5.16-0ubuntu3 arm64 [installed,automatic] sudo/jammy-updates,jammy-security,now 1.9.9-1ubuntu2.4 arm64 [installed,automatic] @@ -848,10 +849,10 @@ usbutils/jammy,now 1:014-1build1 arm64 [installed,automatic] usrmerge/jammy,now 25ubuntu2 all [installed,automatic] util-linux/jammy,now 2.37.2-4ubuntu3 arm64 [installed] uuid-runtime/jammy,now 2.37.2-4ubuntu3 arm64 [installed,automatic] -vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 all [installed,automatic] -vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 all [installed,automatic] -vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 arm64 [installed,automatic] -vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 arm64 [installed] +vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 arm64 [installed,automatic] +vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 arm64 [installed] walinuxagent/jammy-updates,now 2.2.46-0ubuntu5.1 arm64 [installed] wget/jammy,now 1.21.2-2ubuntu1 arm64 [installed,automatic] whiptail/jammy,now 0.52.21-5ubuntu2 arm64 [installed,automatic] 
@@ -860,7 +861,7 @@ xauth/jammy,now 1:1.1-1build2 arm64 [installed,automatic] xdg-user-dirs/jammy,now 0.17-2ubuntu4 arm64 [installed,automatic] xfsprogs/jammy,now 5.13.0-1ubuntu2 arm64 [installed] xkb-data/jammy,now 2.33-1 all [installed,automatic] -xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 arm64 [installed,automatic] +xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 arm64 [installed,automatic] xz-utils/jammy,now 5.2.5-2ubuntu1 arm64 [installed] zip/jammy,now 3.0-12build2 arm64 [installed] zlib1g/jammy-updates,jammy-security,now 1:1.2.11.dfsg-2ubuntu9.2 arm64 [installed,automatic] @@ -868,7 +869,7 @@ zstd/jammy,now 1.4.8+dfsg-3build1 arm64 [installed,automatic] === Installed Packages End Disk usage: Filesystem Size Used Avail Use% Mounted on -/dev/root 29G 19G 11G 63% / +/dev/root 29G 19G 11G 64% / tmpfs 7.8G 0 7.8G 0% /dev/shm tmpfs 3.2G 708K 3.2G 1% /run tmpfs 5.0M 0 5.0M 0% /run/lock @@ -877,10 +878,10 @@ tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 1.6G 0 1.6G 0% /run/user/1000 Using kernel: Linux version 5.15.0-1041-azure (buildd@bos01-arm64-004) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #48-Ubuntu SMP Tue Jun 20 20:33:52 UTC 2023 -Install completed successfully on Wed Aug 16 17:50:12 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:01:44 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 22.04 Hyperv generation: V2 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..5aa2d60db6d --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "2204gen2containerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0-trivy-report.json
new file mode 100644
index 00000000000..09254d0e67d
--- /dev/null
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0-trivy-report.json
@@ -0,0 +1,4636 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvmc82wu1tve5", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "22.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvmc82wu1tve5 (ubuntu 22.04)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in 
batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + 
"https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in 
batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + 
"https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + } + ] + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0.txt new file mode 100644 index 00000000000..956faeaa73f --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202308.22.0.txt 
@@ -0,0 +1,897 @@ +Starting build on Tue Aug 22 16:25:35 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 
19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:36 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:37 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:37 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:38 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... 
+acr-mirror/now 0.1.0 amd64 [installed,local] +adduser/jammy,now 3.118ubuntu5 all [installed,automatic] +apparmor/jammy-updates,now 3.0.4-2ubuntu2.2 amd64 [installed,automatic] +apt-transport-https/jammy-updates,now 2.4.10 all [installed] +apt-utils/jammy-updates,now 2.4.10 amd64 [installed,automatic] +apt/jammy-updates,now 2.4.10 amd64 [installed,automatic] +attr/jammy,now 1:2.5.1-1build1 amd64 [installed,automatic] +base-files/jammy-updates,now 12ubuntu4.4 amd64 [installed] +base-passwd/jammy,now 3.5.52build1 amd64 [installed] +bash-completion/jammy,now 1:2.11-5ubuntu1 all [installed,automatic] +bash/jammy,now 5.1-6ubuntu1 amd64 [installed] +bc/jammy,now 1.07.1-3build1 amd64 [installed,automatic] +bcache-tools/jammy,now 1.0.8-4ubuntu3 amd64 [installed] +bind9-dnsutils/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 amd64 [installed,automatic] +bind9-host/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 amd64 [installed,automatic] +bind9-libs/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 amd64 [installed,automatic] +binutils-common/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +binutils-x86-64-linux-gnu/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +binutils/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +blobfuse2/jammy,now 2.0.5 amd64 [installed] +bolt/jammy,now 0.9.2-1 amd64 [installed] +bsdextrautils/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +bsdutils/jammy,now 1:2.37.2-4ubuntu3 amd64 [installed] +btrfs-progs/jammy,now 5.16.2-1 amd64 [installed] +build-essential/jammy,now 12.9ubuntu3 amd64 [installed] +busybox-initramfs/jammy,now 1:1.30.1-7ubuntu3 amd64 [installed,automatic] +busybox-static/jammy,now 1:1.30.1-7ubuntu3 amd64 [installed,automatic] +byobu/jammy,now 5.133-1 all [installed] +bzip2/jammy,now 1.0.8-5build1 amd64 [installed,automatic] +ca-certificates/jammy-updates,jammy-security,now 20230311ubuntu0.22.04.1 all 
[installed] +ceph-common/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed] +cgroup-lite/jammy,now 1.15 all [installed] +chrony/jammy,now 4.2-2ubuntu2 amd64 [installed] +cifs-utils/jammy-updates,jammy-security,now 2:6.14-1ubuntu0.1 amd64 [installed] +cloud-guest-utils/jammy,now 0.32-22-g45fe84a5-0ubuntu1 all [installed] +cloud-init/jammy-updates,now 23.2.2-0ubuntu0~22.04.1 all [installed] +cloud-initramfs-copymods/jammy,now 0.47ubuntu1 all [installed] +cloud-initramfs-dyn-netconf/jammy,now 0.47ubuntu1 all [installed] +command-not-found/jammy,now 22.04.0 all [installed,automatic] +conntrack/jammy,now 1:1.4.6-2build2 amd64 [installed] +console-setup-linux/jammy,now 1.205ubuntu3 all [installed,automatic] +console-setup/jammy,now 1.205ubuntu3 all [installed,automatic] +coreutils/jammy,now 8.32-4.1ubuntu1 amd64 [installed,automatic] +cpio/jammy,now 2.13+dfsg-7 amd64 [installed,automatic] +cpp-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +cpp-12/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +cpp/jammy,now 4:11.2.0-1ubuntu1 amd64 [installed,automatic] +cracklib-runtime/jammy,now 2.9.6-3.4build4 amd64 [installed] +cron/jammy,now 3.0pl1-137ubuntu3 amd64 [installed,automatic] +cryptsetup-bin/jammy-updates,now 2:2.4.3-1ubuntu1.1 amd64 [installed,automatic] +cryptsetup-initramfs/jammy-updates,now 2:2.4.3-1ubuntu1.1 all [installed,automatic] +cryptsetup/jammy-updates,now 2:2.4.3-1ubuntu1.1 amd64 [installed,automatic] +curl/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed] +dash/jammy,now 0.5.11+git20210903+057cd650a4ed-3build1 amd64 [installed] +dbus-user-session/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 amd64 [installed,automatic] +dbus/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 amd64 [installed,automatic] +dctrl-tools/jammy,now 2.24-3build2 amd64 [installed,automatic] +debconf-i18n/jammy,now 1.5.79ubuntu1 all [installed,automatic] +debconf/jammy,now 
1.5.79ubuntu1 all [installed,automatic] +debianutils/jammy,now 5.5-1ubuntu2 amd64 [installed,automatic] +diffutils/jammy,now 1:3.8-0ubuntu2 amd64 [installed] +dirmngr/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed] +distro-info-data/jammy-updates,now 0.52ubuntu0.4 all [installed,automatic] +distro-info/jammy-updates,now 1.1ubuntu0.1 amd64 [installed,automatic] +dkms/jammy-updates,now 2.8.7-2ubuntu2.2 all [installed] +dmeventd/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +dmidecode/jammy-updates,now 3.3-3ubuntu0.1 amd64 [installed,automatic] +dmsetup/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +dnsutils/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 all [installed] +dosfstools/jammy,now 4.2-1build3 amd64 [installed,automatic] +dpkg-dev/jammy-updates,now 1.21.1ubuntu2.2 all [installed,automatic] +dpkg/jammy-updates,now 1.21.1ubuntu2.2 amd64 [installed,automatic] +e2fsprogs/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +eatmydata/jammy,now 130-2build1 all [installed] +ebtables/jammy,now 2.0.11-4build2 amd64 [installed] +ed/jammy,now 1.18-1 amd64 [installed,automatic] +efibootmgr/jammy,now 17-1ubuntu2 amd64 [installed] +eject/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +ethtool/jammy,now 1:5.16-1 amd64 [installed] +fdisk/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +file/jammy,now 1:5.41-3 amd64 [installed,automatic] +finalrd/jammy,now 9build1 all [installed,automatic] +findutils/jammy,now 4.8.0-1ubuntu3 amd64 [installed] +fonts-ubuntu-console/jammy,now 0.83-6ubuntu1 all [installed] +friendly-recovery/jammy,now 0.2.42 all [installed,automatic] +ftp/jammy,now 20210827-4build1 all [installed,automatic] +fuse3/jammy,now 3.10.5-1build1 amd64 [installed] +fwupd-signed/jammy-updates,now 1.51.1~22.04.1+1.4-0ubuntu0.1 amd64 [installed] +g++-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +g++/jammy,now 4:11.2.0-1ubuntu1 
amd64 [installed,automatic] +gawk/jammy,now 1:5.1.0-1build3 amd64 [installed,automatic] +gcc-11-base/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc-12-base/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc-12/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc/jammy,now 4:11.2.0-1ubuntu1 amd64 [installed] +gdisk/jammy,now 1.0.8-4build1 amd64 [installed,automatic] +gettext-base/jammy,now 0.21-4ubuntu4 amd64 [installed,automatic] +gir1.2-glib-2.0/jammy,now 1.72.0-1 amd64 [installed,automatic] +gir1.2-packagekitglib-1.0/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +git-man/jammy-updates,now 1:2.34.1-1ubuntu1.10 all [installed,automatic] +git/jammy-updates,now 1:2.34.1-1ubuntu1.10 amd64 [installed] +glusterfs-client/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed] +glusterfs-common/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +gnupg-l10n/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed,automatic] +gnupg-utils/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gnupg/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed] +gpg-agent/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpg-wks-client/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpg-wks-server/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpg/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpgconf/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpgsm/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpgv/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +grep/jammy,now 
3.7-1build1 amd64 [installed] +groff-base/jammy,now 1.22.4-8build1 amd64 [installed,automatic] +grub-common/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +grub-efi-amd64-bin/jammy-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/jammy-updates,now 1.187.3~22.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/jammy,now 0.7 amd64 [installed,automatic] +grub-pc-bin/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +grub-pc/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +grub2-common/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +gzip/jammy-updates,now 1.10-4ubuntu4.1 amd64 [installed] +hdparm/jammy,now 9.60+ds-1build3 amd64 [installed,automatic] +hostname/jammy,now 3.23ubuntu2 amd64 [installed] +htop/jammy,now 3.0.5-7build2 amd64 [installed] +iftop/jammy,now 1.0~pre4-7 amd64 [installed] +info/jammy,now 6.8-4build1 amd64 [installed,automatic] +init-system-helpers/jammy,now 1.62 all [installed] +init/jammy,now 1.62 amd64 [installed] +initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.4 amd64 [installed,automatic] +initramfs-tools-core/jammy-updates,now 0.140ubuntu13.4 all [installed,automatic] +initramfs-tools/jammy-updates,now 0.140ubuntu13.4 all [installed] +inotify-tools/jammy,now 3.22.1.0-2 amd64 [installed] +install-info/jammy,now 6.8-4build1 amd64 [installed,automatic] +iotop/jammy-updates,now 0.6-24-g733f3f8-1.1ubuntu0.1 amd64 [installed] +iproute2/jammy,now 5.15.0-1ubuntu2 amd64 [installed] +ipset/jammy,now 7.15-1build1 amd64 [installed] +iptables/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed] +iputils-ping/jammy,now 3:20211215-1 amd64 [installed,automatic] +iputils-tracepath/jammy,now 3:20211215-1 amd64 [installed,automatic] +irqbalance/jammy,now 1.8.0-1build1 amd64 [installed,automatic] +isc-dhcp-client/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed,automatic] +isc-dhcp-common/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed,automatic] 
+iso-codes/jammy,now 4.9.0-1 all [installed,automatic] +jq/jammy,now 1.6-2.1ubuntu3 amd64 [installed] +kbd/jammy-updates,now 2.3.0-3ubuntu4.22.04 amd64 [installed,automatic] +keyboard-configuration/jammy,now 1.205ubuntu3 all [installed,automatic] +keyutils/jammy,now 1.6.1-2ubuntu3 amd64 [installed] +klibc-utils/jammy,now 2.0.10-4 amd64 [installed,automatic] +kmod/jammy,now 29-1ubuntu1 amd64 [installed] +kpartx/jammy-updates,jammy-security,now 0.8.8-1ubuntu1.22.04.1 amd64 [installed,automatic] +landscape-common/jammy,now 19.12-0ubuntu13 amd64 [installed] +less/jammy-updates,jammy-security,now 590-1ubuntu0.22.04.1 amd64 [installed,automatic] +libacl1/jammy,now 2.3.1-1 amd64 [installed,automatic] +libaio1/jammy,now 0.3.112-13build1 amd64 [installed,automatic] +libapparmor1/jammy-updates,now 3.0.4-2ubuntu2.2 amd64 [installed,automatic] +libappstream4/jammy,now 0.15.2-2 amd64 [installed,automatic] +libapt-pkg6.0/jammy-updates,now 2.4.10 amd64 [installed,automatic] +libarchive13/jammy,now 3.6.0-1ubuntu1 amd64 [installed] +libargon2-1/jammy,now 0~20171227-0.3 amd64 [installed,automatic] +libasan6/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libasan8/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libassuan0/jammy,now 2.5.5-1build1 amd64 [installed,automatic] +libatasmart4/jammy,now 0.19-5build2 amd64 [installed] +libatm1/jammy,now 1:2.5.1-4build2 amd64 [installed,automatic] +libatomic1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libattr1/jammy,now 1:2.5.1-1build1 amd64 [installed,automatic] +libaudit-common/jammy,now 1:3.0.7-1build1 all [installed,automatic] +libaudit1/jammy,now 1:3.0.7-1build1 amd64 [installed,automatic] +libbabeltrace1/jammy,now 1.5.8-2build1 amd64 [installed,automatic] +libbinutils/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +libblkid1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] 
+libblockdev-crypto2/jammy,now 2.26-1 amd64 [installed] +libblockdev-fs2/jammy,now 2.26-1 amd64 [installed] +libblockdev-loop2/jammy,now 2.26-1 amd64 [installed] +libblockdev-part-err2/jammy,now 2.26-1 amd64 [installed] +libblockdev-part2/jammy,now 2.26-1 amd64 [installed] +libblockdev-swap2/jammy,now 2.26-1 amd64 [installed] +libblockdev-utils2/jammy,now 2.26-1 amd64 [installed] +libblockdev2/jammy,now 2.26-1 amd64 [installed] +libboost-context1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-filesystem1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-iostreams1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-program-options1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-thread1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libbpf0/jammy-updates,jammy-security,now 1:0.5.0-1ubuntu22.04.1 amd64 [installed,automatic] +libbrotli1/jammy,now 1.0.9-2build6 amd64 [installed,automatic] +libbsd0/jammy,now 0.11.5-1 amd64 [installed,automatic] +libbz2-1.0/jammy,now 1.0.8-5build1 amd64 [installed,automatic] +libc-bin/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libc-dev-bin/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libc6-dev/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libc6/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libcap-ng0/jammy,now 0.7.9-2.2build3 amd64 [installed,automatic] +libcap2-bin/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 amd64 [installed,automatic] +libcap2/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 amd64 [installed,automatic] +libcbor0.8/jammy,now 0.8.0-2ubuntu1 amd64 [installed,automatic] +libcc1-0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libcephfs2/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +libcom-err2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] 
+libcrack2/jammy,now 2.9.6-3.4build4 amd64 [installed,automatic] +libcrypt-dev/jammy,now 1:4.4.27-1 amd64 [installed,automatic] +libcrypt1/jammy,now 1:4.4.27-1 amd64 [installed,automatic] +libcryptsetup12/jammy-updates,now 2:2.4.3-1ubuntu1.1 amd64 [installed,automatic] +libctf-nobfd0/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +libctf0/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +libcurl3-gnutls/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed,automatic] +libcurl4/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed,automatic] +libdaxctl1/jammy,now 72.1-1 amd64 [installed,automatic] +libdb5.3/jammy,now 5.3.28+dfsg1-0.8ubuntu3 amd64 [installed,automatic] +libdbus-1-3/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 amd64 [installed,automatic] +libdebconfclient0/jammy,now 0.261ubuntu1 amd64 [installed] +libdevmapper-event1.02.1/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +libdevmapper1.02.1/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +libdns-export1110/jammy,now 1:9.11.19+dfsg-2.1ubuntu3 amd64 [installed,automatic] +libdpkg-perl/jammy-updates,now 1.21.1ubuntu2.2 all [installed,automatic] +libdrm-common/jammy-updates,now 2.4.113-2~ubuntu0.22.04.1 all [installed,automatic] +libdrm2/jammy-updates,now 2.4.113-2~ubuntu0.22.04.1 amd64 [installed,automatic] +libdw1/jammy,now 0.186-1build1 amd64 [installed,automatic] +libeatmydata1/jammy,now 130-2build1 amd64 [installed] +libedit2/jammy,now 3.1-20210910-1build1 amd64 [installed,automatic] +libefiboot1/jammy,now 37-6ubuntu2 amd64 [installed] +libefivar1/jammy,now 37-6ubuntu2 amd64 [installed] +libelf1/jammy,now 0.186-1build1 amd64 [installed,automatic] +liberror-perl/jammy,now 0.17029-1 all [installed,automatic] +libestr0/jammy,now 0.1.10-2.1build3 amd64 [installed,automatic] +libevent-core-2.1-7/jammy,now 2.1.12-stable-1build3 amd64 [installed,automatic] 
+libexpat1/jammy-updates,jammy-security,now 2.4.7-1ubuntu0.2 amd64 [installed,automatic] +libext2fs2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +libfastjson4/jammy,now 0.99.9-1build2 amd64 [installed,automatic] +libfdisk1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libffi8/jammy,now 3.4.2-4 amd64 [installed,automatic] +libfido2-1/jammy,now 1.10.0-1 amd64 [installed,automatic] +libflashrom1/jammy,now 1.2-5build1 amd64 [installed] +libfreetype6/jammy-updates,jammy-security,now 2.11.1+dfsg-1ubuntu0.2 amd64 [installed,automatic] +libfribidi0/jammy-updates,jammy-security,now 1.0.8-2ubuntu3.1 amd64 [installed,automatic] +libftdi1-2/jammy,now 1.5-5build3 amd64 [installed] +libfuse3-3/jammy,now 3.10.5-1build1 amd64 [installed,automatic] +libfwupd2/jammy-updates,now 1.7.9-1~22.04.3 amd64 [installed] +libfwupdplugin5/jammy-updates,now 1.7.9-1~22.04.3 amd64 [installed] +libgcab-1.0-0/jammy,now 1.4-3build2 amd64 [installed] +libgcc-11-dev/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgcc-12-dev/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgcc-s1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgcrypt20/jammy,now 1.9.4-3ubuntu3 amd64 [installed,automatic] +libgdbm-compat4/jammy,now 1.23-1 amd64 [installed,automatic] +libgdbm6/jammy,now 1.23-1 amd64 [installed,automatic] +libgfapi0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgfchangelog0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgfrpc0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgfxdr0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgirepository-1.0-1/jammy,now 1.72.0-1 amd64 [installed,automatic] +libglib2.0-0/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 amd64 [installed,automatic] 
+libglib2.0-bin/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 amd64 [installed,automatic] +libglib2.0-data/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 all [installed,automatic] +libglusterd0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libglusterfs0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgmp10/jammy,now 2:6.2.1+dfsg-3ubuntu1 amd64 [installed,automatic] +libgnutls30/jammy-updates,jammy-security,now 3.7.3-4ubuntu1.2 amd64 [installed,automatic] +libgomp1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgoogle-perftools4/jammy,now 2.9.1-0ubuntu3 amd64 [installed,automatic] +libgpg-error0/jammy,now 1.43-3 amd64 [installed,automatic] +libgpgme11/jammy-updates,now 1.16.0-1.2ubuntu4.1 amd64 [installed] +libgpm2/jammy,now 1.20.7-10build1 amd64 [installed,automatic] +libgssapi-krb5-2/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libgstreamer1.0-0/jammy-updates,now 1.20.3-0ubuntu1 amd64 [installed,automatic] +libgudev-1.0-0/jammy,now 1:237-2build1 amd64 [installed] +libgusb2/jammy,now 0.3.10-1 amd64 [installed] +libhogweed6/jammy,now 3.7.3-1build2 amd64 [installed,automatic] +libibverbs1/jammy,now 39.0-1 amd64 [installed,automatic] +libicu70/jammy,now 70.1-2 amd64 [installed,automatic] +libidn2-0/jammy,now 2.3.2-2build1 amd64 [installed,automatic] +libinih1/jammy,now 53-1ubuntu3 amd64 [installed,automatic] +libinotifytools0/jammy,now 3.22.1.0-2 amd64 [installed,automatic] +libintl-perl/jammy,now 1.26-3build2 all [installed,automatic] +libintl-xs-perl/jammy,now 1.26-3build2 amd64 [installed,automatic] +libip4tc2/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed,automatic] +libip6tc2/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed,automatic] +libipset13/jammy,now 7.15-1build1 amd64 [installed,automatic] +libisc-export1105/jammy,now 1:9.11.19+dfsg-2.1ubuntu3 amd64 [installed,automatic] +libisl23/jammy,now 0.24-2build1 amd64 
[installed,automatic] +libisns0/jammy,now 0.101-0ubuntu2 amd64 [installed,automatic] +libitm1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libjansson4/jammy,now 2.13.1-1.1build3 amd64 [installed,automatic] +libjcat1/jammy,now 0.1.9-1 amd64 [installed] +libjq1/jammy,now 1.6-2.1ubuntu3 amd64 [installed,automatic] +libjson-c5/jammy-updates,now 0.15-3~ubuntu1.22.04.1 amd64 [installed,automatic] +libjson-glib-1.0-0/jammy,now 1.6.6-1build1 amd64 [installed] +libjson-glib-1.0-common/jammy,now 1.6.6-1build1 all [installed] +libk5crypto3/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libkeyutils1/jammy,now 1.6.1-2ubuntu3 amd64 [installed,automatic] +libklibc/jammy,now 2.0.10-4 amd64 [installed,automatic] +libkmod2/jammy,now 29-1ubuntu1 amd64 [installed,automatic] +libkrb5-3/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libkrb5support0/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libksba8/jammy-updates,jammy-security,now 1.6.0-2ubuntu0.2 amd64 [installed,automatic] +libldap-2.5-0/jammy-updates,now 2.5.16+dfsg-0ubuntu0.22.04.1 amd64 [installed,automatic] +libldap-common/jammy-updates,now 2.5.16+dfsg-0ubuntu0.22.04.1 all [installed,automatic] +liblmdb0/jammy,now 0.9.24-1build2 amd64 [installed,automatic] +liblocale-gettext-perl/jammy,now 1.07-4build3 amd64 [installed,automatic] +liblsan0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +liblua5.3-0/jammy,now 5.3.6-1build1 amd64 [installed,automatic] +liblvm2cmd2.03/jammy,now 2.03.11-2.1ubuntu4 amd64 [installed,automatic] +liblz4-1/jammy,now 1.9.3-2build2 amd64 [installed,automatic] +liblzma5/jammy,now 5.2.5-2ubuntu1 amd64 [installed,automatic] +liblzo2-2/jammy,now 2.10-2build3 amd64 [installed,automatic] +libmagic-mgc/jammy,now 1:5.41-3 amd64 [installed,automatic] +libmagic1/jammy,now 1:5.41-3 amd64 [installed,automatic] +libmaxminddb0/jammy,now 1.5.2-1build2 amd64 [installed,automatic] 
+libmbim-glib4/jammy-updates,now 1.28.0-1~ubuntu20.04.1 amd64 [installed] +libmbim-proxy/jammy-updates,now 1.28.0-1~ubuntu20.04.1 amd64 [installed] +libmd0/jammy,now 1.0.4-1build1 amd64 [installed,automatic] +libmm-glib0/jammy-updates,now 1.20.0-1~ubuntu22.04.2 amd64 [installed] +libmnl0/jammy,now 1.0.4-3build2 amd64 [installed,automatic] +libmodule-find-perl/jammy,now 0.15-1 all [installed,automatic] +libmodule-scandeps-perl/jammy,now 1.31-1 all [installed,automatic] +libmount1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libmpc3/jammy,now 1.2.1-2build1 amd64 [installed,automatic] +libmpdec3/jammy,now 2.5.1-2build2 amd64 [installed,automatic] +libmpfr6/jammy,now 4.1.0-3build3 amd64 [installed,automatic] +libncurses6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed,automatic] +libncursesw6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed,automatic] +libndctl6/jammy,now 72.1-1 amd64 [installed,automatic] +libnetfilter-conntrack3/jammy,now 1.0.9-1 amd64 [installed,automatic] +libnetplan0/jammy-updates,now 0.105-0ubuntu2~22.04.3 amd64 [installed,automatic] +libnettle8/jammy,now 3.7.3-1build2 amd64 [installed,automatic] +libnewt0.52/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] +libnfnetlink0/jammy,now 1.0.1-3build3 amd64 [installed,automatic] +libnfsidmap1/jammy-updates,now 1:2.6.1-1ubuntu1.2 amd64 [installed,automatic] +libnftables1/jammy-updates,now 1.0.2-1ubuntu3 amd64 [installed,automatic] +libnftnl11/jammy,now 1.2.1-1build1 amd64 [installed,automatic] +libnghttp2-14/jammy,now 1.43.0-1build3 amd64 [installed,automatic] +libnl-3-200/jammy,now 3.5.0-0.1 amd64 [installed,automatic] +libnl-genl-3-200/jammy,now 3.5.0-0.1 amd64 [installed,automatic] +libnl-route-3-200/jammy,now 3.5.0-0.1 amd64 [installed,automatic] +libnpth0/jammy,now 1.6-3build2 amd64 [installed,automatic] +libnsl-dev/jammy,now 1.3.0-2build2 amd64 [installed,automatic] +libnsl2/jammy,now 1.3.0-2build2 amd64 [installed,automatic] +libnspr4/jammy,now 
2:4.32-3build1 amd64 [installed] +libnss-systemd/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libnss3/jammy-updates,jammy-security,now 2:3.68.2-0ubuntu1.2 amd64 [installed] +libntfs-3g89/jammy-updates,jammy-security,now 1:2021.8.22-3ubuntu1.2 amd64 [installed,automatic] +libnuma1/jammy,now 2.0.14-3ubuntu2 amd64 [installed,automatic] +liboath0/jammy,now 2.6.7-3build1 amd64 [installed,automatic] +libonig5/jammy,now 6.9.7.1-2build1 amd64 [installed,automatic] +libopeniscsiusr/jammy,now 2.1.5-1ubuntu1 amd64 [installed,automatic] +libp11-kit0/jammy,now 0.24.0-6build1 amd64 [installed,automatic] +libpackagekit-glib2-18/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +libpam-cap/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 amd64 [installed,automatic] +libpam-modules-bin/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 amd64 [installed,automatic] +libpam-modules/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 amd64 [installed,automatic] +libpam-pwquality/jammy,now 1.4.4-1build2 amd64 [installed] +libpam-runtime/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 all [installed,automatic] +libpam-systemd/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libpam0g/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 amd64 [installed,automatic] +libparted-fs-resize0/jammy,now 3.4-2build1 amd64 [installed] +libparted2/jammy,now 3.4-2build1 amd64 [installed,automatic] +libpcap0.8/jammy,now 1.10.1-4build1 amd64 [installed,automatic] +libpci3/jammy,now 1:3.7.0-6 amd64 [installed,automatic] +libpcre2-8-0/jammy-updates,jammy-security,now 10.39-3ubuntu0.1 amd64 [installed,automatic] +libpcre3/jammy-updates,jammy-security,now 2:8.39-13ubuntu0.22.04.1 amd64 [installed,automatic] +libperl5.34/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 amd64 [installed,automatic] +libpipeline1/jammy,now 1.5.5-1 amd64 [installed,automatic] +libplymouth5/jammy,now 0.9.5+git20211018-1ubuntu3 amd64 [installed,automatic] +libpmem1/jammy,now 
1.11.1-3build1 amd64 [installed,automatic] +libpmemobj1/jammy,now 1.11.1-3build1 amd64 [installed,automatic] +libpng16-16/jammy,now 1.6.37-3build5 amd64 [installed,automatic] +libpolkit-agent-1-0/jammy,now 0.105-33 amd64 [installed,automatic] +libpolkit-gobject-1-0/jammy,now 0.105-33 amd64 [installed,automatic] +libpopt0/jammy,now 1.18-3build1 amd64 [installed,automatic] +libproc-processtable-perl/jammy,now 0.634-1build1 amd64 [installed,automatic] +libprocps8/jammy,now 2:3.3.17-6ubuntu2 amd64 [installed,automatic] +libpsl5/jammy,now 0.21.0-1.2build2 amd64 [installed,automatic] +libpwquality-common/jammy,now 1.4.4-1build2 all [installed,automatic] +libpwquality-tools/jammy,now 1.4.4-1build2 amd64 [installed] +libpwquality1/jammy,now 1.4.4-1build2 amd64 [installed,automatic] +libpython3-stdlib/jammy-updates,jammy-security,now 3.10.6-1~22.04 amd64 [installed,automatic] +libpython3.10-minimal/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +libpython3.10-stdlib/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +libpython3.10/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +libqmi-glib5/jammy-updates,now 1.32.0-1ubuntu0.22.04.1 amd64 [installed] +libqmi-proxy/jammy-updates,now 1.32.0-1ubuntu0.22.04.1 amd64 [installed] +libquadmath0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +librabbitmq4/jammy,now 0.10.0-1ubuntu2 amd64 [installed,automatic] +librados2/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +libradosstriper1/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +librbd1/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +librdmacm1/jammy,now 39.0-1 amd64 [installed,automatic] +libreadline8/jammy,now 8.1.2-1 amd64 [installed,automatic] +librtmp1/jammy,now 2.4+20151223.gitfa8646d.1-2build4 amd64 [installed,automatic] +libsasl2-2/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 amd64 
[installed,automatic] +libsasl2-modules-db/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 amd64 [installed,automatic] +libsasl2-modules/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 amd64 [installed,automatic] +libseccomp2/jammy,now 2.5.3-2ubuntu2 amd64 [installed,automatic] +libselinux1/jammy,now 3.3-1build2 amd64 [installed,automatic] +libsemanage-common/jammy,now 3.3-1build2 all [installed,automatic] +libsemanage2/jammy,now 3.3-1build2 amd64 [installed,automatic] +libsensors-config/jammy,now 1:3.6.0-7ubuntu1 all [installed,automatic] +libsensors5/jammy,now 1:3.6.0-7ubuntu1 amd64 [installed,automatic] +libsepol2/jammy,now 3.3-1build1 amd64 [installed,automatic] +libsgutils2-2/jammy,now 1.46-1build1 amd64 [installed,automatic] +libsigsegv2/jammy,now 2.13-1ubuntu3 amd64 [installed,automatic] +libslang2/jammy,now 2.3.2-5build4 amd64 [installed,automatic] +libsmartcols1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libsmbios-c2/jammy,now 2.4.3-1build1 amd64 [installed] +libsnappy1v5/jammy,now 1.1.8-1build3 amd64 [installed,automatic] +libsodium23/jammy,now 1.0.18-1build2 amd64 [installed,automatic] +libsort-naturally-perl/jammy,now 1.03-2 all [installed,automatic] +libsqlite3-0/jammy-updates,jammy-security,now 3.37.2-2ubuntu0.1 amd64 [installed,automatic] +libss2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +libssh-4/jammy-updates,jammy-security,now 0.9.6-2ubuntu0.22.04.1 amd64 [installed,automatic] +libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.10 amd64 [installed,automatic] +libstdc++-11-dev/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libstdc++6/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libstemmer0d/jammy,now 2.2.0-1build1 amd64 [installed,automatic] +libsysfs2/jammy,now 2.1.1-1build1 amd64 [installed,automatic] +libsystemd0/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libtalloc2/jammy,now 2.3.3-2build1 amd64 [installed] 
+libtasn1-6/jammy,now 4.18.0-4build1 amd64 [installed,automatic] +libtcl8.6/jammy,now 8.6.12+dfsg-1build1 amd64 [installed] +libtcmalloc-minimal4/jammy,now 2.9.1-0ubuntu3 amd64 [installed,automatic] +libterm-readkey-perl/jammy,now 2.38-1build4 amd64 [installed,automatic] +libtevent0/jammy,now 0.11.0-1build1 amd64 [installed] +libtext-charwidth-perl/jammy,now 0.04-10build3 amd64 [installed,automatic] +libtext-iconv-perl/jammy,now 1.7-7build3 amd64 [installed,automatic] +libtext-wrapi18n-perl/jammy,now 0.06-9 all [installed,automatic] +libtinfo6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed,automatic] +libtirpc-common/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 all [installed,automatic] +libtirpc-dev/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 amd64 [installed,automatic] +libtirpc3/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 amd64 [installed,automatic] +libtsan0/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libtsan2/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libtss2-esys-3.0.2-0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-mu0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-rc0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-sys1/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-cmd0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-device0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-mssim0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-swtpm0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libubsan1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libuchardet0/jammy,now 0.0.7-1build2 amd64 [installed,automatic] +libudev1/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libudisks2-0/jammy,now 2.9.4-1ubuntu2 amd64 [installed] +libunistring2/jammy,now 1.0-1 amd64 [installed,automatic] +libunwind8/jammy-updates,now 1.3.2-2build2.1 amd64 [installed,automatic] 
+liburcu8/jammy,now 0.13.1-1 amd64 [installed,automatic] +libusb-1.0-0/jammy-updates,now 2:1.0.25-1ubuntu2 amd64 [installed,automatic] +libutempter0/jammy,now 1.2.1-2build2 amd64 [installed,automatic] +libuuid1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libuv1/jammy,now 1.43.0-1 amd64 [installed,automatic] +libvolume-key1/jammy,now 0.3.12-3.1build3 amd64 [installed] +libwbclient0/jammy-updates,now 2:4.15.13+dfsg-0ubuntu1.3 amd64 [installed] +libwrap0/jammy,now 7.6.q-31build2 amd64 [installed] +libx11-6/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 amd64 [installed,automatic] +libx11-data/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 all [installed,automatic] +libxau6/jammy,now 1:1.0.9-1build5 amd64 [installed,automatic] +libxcb1/jammy,now 1.14-3ubuntu3 amd64 [installed,automatic] +libxdmcp6/jammy,now 1:1.1.3-0ubuntu5 amd64 [installed,automatic] +libxext6/jammy,now 2:1.3.4-1build1 amd64 [installed,automatic] +libxml2/jammy-updates,jammy-security,now 2.9.13+dfsg-1ubuntu0.3 amd64 [installed,automatic] +libxmlb2/jammy,now 0.3.6-2build1 amd64 [installed,automatic] +libxmuu1/jammy,now 2:1.1.3-3 amd64 [installed,automatic] +libxtables12/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed,automatic] +libxxhash0/jammy,now 0.8.1-1 amd64 [installed,automatic] +libyaml-0-2/jammy,now 0.2.2-1build2 amd64 [installed,automatic] +libzstd1/jammy,now 1.4.8+dfsg-3build1 amd64 [installed,automatic] +linux-azure-cloud-tools-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-azure-headers-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 all [installed] +linux-azure-tools-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-base-sgx/jammy,now 4.5ubuntu9 all [installed] +linux-base/jammy,now 4.5ubuntu9 all [installed,automatic] +linux-cloud-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 
amd64 [installed] +linux-cloud-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-cloud-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] +linux-headers-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-headers-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-image-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-image-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-libc-dev/jammy-updates,jammy-security,now 5.15.0-79.86 amd64 [installed,automatic] +linux-modules-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-modules-extra-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] +locales/jammy-updates,now 2.35-0ubuntu3.1 all [installed,automatic] +login/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 amd64 [installed] +logrotate/jammy-updates,jammy-security,now 3.19.0-1ubuntu1.1 amd64 [installed,automatic] +logsave/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +lsb-base/jammy,now 11.1.0ubuntu4 all [installed,automatic] +lsb-release/jammy,now 11.1.0ubuntu4 all [installed,automatic] +lshw/jammy,now 02.19.git.2021.06.19.996aaad9c7-2build1 amd64 [installed,automatic] +lsof/jammy,now 4.93.2+dfsg-1.1build2 amd64 [installed,automatic] +lsscsi/jammy,now 0.31-1build2 amd64 [installed] +lto-disabled-list/jammy,now 24 all [installed,automatic] +lvm2/jammy,now 2.03.11-2.1ubuntu4 amd64 [installed] +lxd-agent-loader/jammy,now 0.5 all [installed] +make/jammy,now 4.3-4.1build1 amd64 [installed] +man-db/jammy,now 
2.10.2-1 amd64 [installed,automatic] +manpages/jammy,now 5.10-1ubuntu1 all [installed,automatic] +mawk/jammy,now 1.3.4.20200120-3 amd64 [installed,automatic] +mdadm/jammy-updates,now 4.2-0ubuntu2 amd64 [installed] +media-types/jammy,now 7.0.0 all [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu22.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu22.04u1] +moby-runc/testing,jammy,now 1.1.7+azure-ubuntu22.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu22.04u1] +mokutil/jammy-updates,now 0.6.0-2~22.04.1 amd64 [installed] +motd-news-config/jammy-updates,now 12ubuntu4.4 all [installed] +mount/jammy,now 2.37.2-4ubuntu3 amd64 [installed] +mtr-tiny/jammy,now 0.95-1 amd64 [installed,automatic] +multipath-tools/jammy-updates,jammy-security,now 0.8.8-1ubuntu1.22.04.1 amd64 [installed] +nano/jammy,now 6.2-1 amd64 [installed,automatic] +ncurses-base/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 all [installed] +ncurses-bin/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed] +ncurses-term/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 all [installed] +needrestart/jammy-updates,jammy-security,now 3.5-5ubuntu2.1 all [installed] +netbase/jammy,now 6.3 all [installed,automatic] +netcat-openbsd/jammy,now 1.218-4ubuntu1 amd64 [installed,automatic] +netcat/jammy,now 1.218-4ubuntu1 all [installed] +netplan.io/jammy-updates,now 0.105-0ubuntu2~22.04.3 amd64 [installed,automatic] +networkd-dispatcher/jammy-updates,jammy-security,now 2.1-2ubuntu0.22.04.2 all [installed,automatic] +nfs-common/jammy-updates,now 1:2.6.1-1ubuntu1.2 amd64 [installed] +nftables/jammy-updates,now 1.0.2-1ubuntu3 amd64 [installed] +ntfs-3g/jammy-updates,jammy-security,now 1:2021.8.22-3ubuntu1.2 amd64 [installed,automatic] +nvme-cli/jammy-updates,now 1.16-3ubuntu0.1 amd64 [installed] +open-iscsi/jammy,now 2.1.5-1ubuntu1 amd64 [installed] +openssh-client/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 amd64 [installed,automatic] 
+openssh-server/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 amd64 [installed] +openssh-sftp-server/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 amd64 [installed] +openssl/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.10 amd64 [installed,automatic] +os-prober/jammy,now 1.79ubuntu2 amd64 [installed,automatic] +overlayroot/jammy,now 0.47ubuntu1 all [installed] +packagekit-tools/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +packagekit/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +packages-microsoft-prod/jammy,now 1.0-ubuntu22.04.1 all [installed] +parted/jammy,now 3.4-2build1 amd64 [installed,automatic] +passwd/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 amd64 [installed,automatic] +pastebinit/jammy,now 1.5.1-1ubuntu1 all [installed,automatic] +patch/jammy,now 2.7.6-7build2 amd64 [installed] +pci.ids/jammy,now 0.0~2022.01.22-1 all [installed,automatic] +pciutils/jammy,now 1:3.7.0-6 amd64 [installed,automatic] +perl-base/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 amd64 [installed,automatic] +perl-modules-5.34/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 all [installed,automatic] +perl/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 amd64 [installed,automatic] +pigz/jammy,now 2.6-1 amd64 [installed] +pinentry-curses/jammy,now 1.1.1-1build2 amd64 [installed,automatic] +pkexec/jammy,now 0.105-33 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/jammy,now 0.9.5+git20211018-1ubuntu3 amd64 [installed,automatic] +plymouth/jammy,now 0.9.5+git20211018-1ubuntu3 amd64 [installed,automatic] +policykit-1/jammy,now 0.105-33 amd64 [installed,automatic] +polkitd/jammy,now 0.105-33 amd64 [installed,automatic] +pollinate/jammy,now 4.33-3ubuntu2 all [installed] +powermgmt-base/jammy,now 1.36 all [installed,automatic] +procps/jammy,now 2:3.3.17-6ubuntu2 amd64 [installed,automatic] +psmisc/jammy,now 23.4-2build3 amd64 [installed,automatic] +publicsuffix/jammy,now 20211207.1025-1 all [installed,automatic] 
+python-apt-common/jammy-updates,now 2.4.0ubuntu2 all [installed,automatic] +python-babel-localedata/jammy,now 2.8.0+dfsg.1-7 all [installed] +python3-apt/jammy-updates,now 2.4.0ubuntu2 amd64 [installed,automatic] +python3-attr/jammy,now 21.2.0-1 all [installed,automatic] +python3-automat/jammy,now 20.2.0-1 all [installed,automatic] +python3-babel/jammy,now 2.8.0+dfsg.1-7 all [installed] +python3-bcrypt/jammy,now 3.2.0-1build1 amd64 [installed,automatic] +python3-blinker/jammy,now 1.4+dfsg1-0.4 all [installed,automatic] +python3-ceph-argparse/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-ceph-common/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 all [installed,automatic] +python3-cephfs/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-certifi/jammy,now 2020.6.20-1 all [installed] +python3-cffi-backend/jammy,now 1.15.0-1build2 amd64 [installed,automatic] +python3-chardet/jammy,now 4.0.0-1 all [installed,automatic] +python3-click/jammy,now 8.0.3-1 all [installed,automatic] +python3-colorama/jammy,now 0.4.4-1 all [installed,automatic] +python3-commandnotfound/jammy,now 22.04.0 all [installed,automatic] +python3-configobj/jammy,now 5.0.6-5 all [installed,automatic] +python3-constantly/jammy,now 15.1.0-2 all [installed,automatic] +python3-cryptography/jammy,now 3.4.8-1ubuntu2 amd64 [installed,automatic] +python3-dbus/jammy,now 1.2.18-3build1 amd64 [installed,automatic] +python3-debconf/jammy,now 1.5.79ubuntu1 all [installed,automatic] +python3-debian/jammy-updates,now 0.1.43ubuntu1.1 all [installed,automatic] +python3-distro-info/jammy-updates,now 1.1ubuntu0.1 all [installed,automatic] +python3-distro/jammy,now 1.7.0-1 all [installed,automatic] +python3-distupgrade/jammy-updates,now 1:22.04.17 all [installed,automatic] +python3-distutils/jammy-updates,jammy-security,now 3.10.8-1~22.04 all [installed] +python3-gdbm/jammy-updates,jammy-security,now 3.10.8-1~22.04 amd64 [installed,automatic] 
+python3-gi/jammy-updates,now 3.42.1-0ubuntu1 amd64 [installed,automatic] +python3-hamcrest/jammy,now 2.0.2-2 all [installed,automatic] +python3-httplib2/jammy,now 0.20.2-2 all [installed,automatic] +python3-hyperlink/jammy,now 21.0.0-3 all [installed,automatic] +python3-idna/jammy,now 3.3-1 all [installed,automatic] +python3-importlib-metadata/jammy,now 4.6.4-1 all [installed,automatic] +python3-incremental/jammy,now 21.3.0-1 all [installed,automatic] +python3-jeepney/jammy,now 0.7.1-3 all [installed,automatic] +python3-jinja2/jammy,now 3.0.3-1 all [installed] +python3-json-pointer/jammy,now 2.0-0ubuntu1 all [installed] +python3-jsonpatch/jammy,now 1.32-2 all [installed] +python3-jsonschema/jammy,now 3.2.0-0ubuntu2 all [installed] +python3-jwt/jammy-updates,jammy-security,now 2.3.0-1ubuntu0.2 all [installed,automatic] +python3-keyring/jammy,now 23.5.0-1 all [installed,automatic] +python3-launchpadlib/jammy,now 1.10.16-1 all [installed,automatic] +python3-lazr.restfulclient/jammy,now 0.14.4-1 all [installed,automatic] +python3-lazr.uri/jammy,now 1.0.6-2 all [installed,automatic] +python3-lib2to3/jammy-updates,jammy-security,now 3.10.8-1~22.04 all [installed] +python3-magic/jammy,now 2:0.4.24-2 all [installed,automatic] +python3-markupsafe/jammy,now 2.0.1-2build1 amd64 [installed] +python3-minimal/jammy-updates,jammy-security,now 3.10.6-1~22.04 amd64 [installed,automatic] +python3-more-itertools/jammy,now 8.10.0-2 all [installed,automatic] +python3-netifaces/jammy,now 0.11.0-1build2 amd64 [installed,automatic] +python3-newt/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] +python3-oauthlib/jammy-updates,jammy-security,now 3.2.0-1ubuntu0.1 all [installed,automatic] +python3-openssl/jammy,now 21.0.0-1 all [installed,automatic] +python3-parted/jammy,now 3.11.7-1build1 amd64 [installed] +python3-pexpect/jammy,now 4.8.0-2ubuntu1 all [installed,automatic] +python3-pkg-resources/jammy-updates,jammy-security,now 59.6.0-1.2ubuntu0.22.04.1 all [installed,automatic] 
+python3-prettytable/jammy,now 2.5.0-2 all [installed,automatic] +python3-ptyprocess/jammy,now 0.7.0-3 all [installed,automatic] +python3-pyasn1-modules/jammy,now 0.2.1-1 all [installed,automatic] +python3-pyasn1/jammy,now 0.4.8-1 all [installed,automatic] +python3-pyparsing/jammy,now 2.4.7-1 all [installed,automatic] +python3-pyrsistent/jammy,now 0.18.1-1build1 amd64 [installed] +python3-rados/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-rbd/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-requests/jammy-updates,jammy-security,now 2.25.1+dfsg-2ubuntu0.1 all [installed] +python3-secretstorage/jammy,now 3.3.1-1 all [installed,automatic] +python3-serial/jammy,now 3.5-1 all [installed] +python3-service-identity/jammy,now 18.1.0-6 all [installed,automatic] +python3-setuptools/jammy-updates,jammy-security,now 59.6.0-1.2ubuntu0.22.04.1 all [installed] +python3-six/jammy,now 1.16.0-3ubuntu1 all [installed,automatic] +python3-software-properties/jammy-updates,now 0.99.22.7 all [installed,automatic] +python3-twisted/jammy-updates,jammy-security,now 22.1.0-2ubuntu2.3 all [installed,automatic] +python3-tz/jammy-updates,now 2022.1-1ubuntu0.22.04.1 all [installed] +python3-update-manager/jammy-updates,now 1:22.04.10 all [installed,automatic] +python3-urllib3/jammy,now 1.26.5-1~exp1 all [installed] +python3-wadllib/jammy,now 1.3.6-1 all [installed,automatic] +python3-wcwidth/jammy,now 0.2.5+dfsg1-1 all [installed,automatic] +python3-yaml/jammy,now 5.4.1-1ubuntu1 amd64 [installed,automatic] +python3-zipp/jammy,now 1.0.0-3 all [installed,automatic] +python3-zope.interface/jammy,now 5.4.0-1build1 amd64 [installed,automatic] +python3.10-minimal/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +python3.10/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +python3/jammy-updates,jammy-security,now 3.10.6-1~22.04 amd64 [installed] +readline-common/jammy,now 8.1.2-1 
all [installed,automatic] +rng-tools-debian/jammy,now 2.3 amd64 [installed] +rpcbind/jammy,now 1.2.6-2build1 amd64 [installed,automatic] +rpcsvc-proto/jammy,now 1.4.2-0ubuntu6 amd64 [installed,automatic] +rsync/jammy-updates,jammy-security,now 3.2.7-0ubuntu0.22.04.2 amd64 [installed,automatic] +rsyslog/jammy-updates,jammy-security,now 8.2112.0-2ubuntu2.2 amd64 [installed,automatic] +run-one/jammy,now 1.17-0ubuntu1 all [installed,automatic] +sbsigntool/jammy,now 0.9.4-2ubuntu2 amd64 [installed] +screen/jammy,now 4.9.0-1 amd64 [installed] +secureboot-db/jammy,now 1.8 amd64 [installed] +sed/jammy,now 4.8-1ubuntu2 amd64 [installed,automatic] +sensible-utils/jammy,now 0.0.17 all [installed,automatic] +sg3-utils-udev/jammy,now 1.46-1build1 all [installed,automatic] +sg3-utils/jammy,now 1.46-1build1 amd64 [installed,automatic] +shared-mime-info/jammy,now 2.1-2 amd64 [installed,automatic] +shim-signed/jammy-updates,now 1.51.3+15.7-0ubuntu1 amd64 [installed] +socat/jammy,now 1.7.4.1-3ubuntu4 amd64 [installed] +software-properties-common/jammy-updates,now 0.99.22.7 all [installed] +sosreport/jammy-updates,now 4.5.6-0ubuntu1~22.04.1 amd64 [installed] +ssh-import-id/jammy,now 5.11-0ubuntu1 all [installed] +strace/jammy,now 5.16-0ubuntu3 amd64 [installed,automatic] +sudo/jammy-updates,jammy-security,now 1.9.9-1ubuntu2.4 amd64 [installed,automatic] +sysfsutils/jammy,now 2.1.1-1build1 amd64 [installed] +sysstat/jammy-updates,jammy-security,now 12.5.2-2ubuntu0.2 amd64 [installed] +systemd-hwe-hwdb/jammy-updates,now 249.11.3 all [installed,automatic] +systemd-sysv/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +systemd/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +sysvinit-utils/jammy,now 3.01-1ubuntu1 amd64 [installed] +tar/jammy-updates,jammy-security,now 1.34+dfsg-1ubuntu0.1.22.04.1 amd64 [installed,automatic] +tcl8.6/jammy,now 8.6.12+dfsg-1build1 amd64 [installed] +tcl/jammy,now 8.6.11+1build2 amd64 [installed] +tcpdump/jammy-updates,now 
4.99.1-3ubuntu0.1 amd64 [installed,automatic] +telnet/jammy,now 0.17-44build1 amd64 [installed,automatic] +thin-provisioning-tools/jammy,now 0.9.0-2ubuntu1 amd64 [installed,automatic] +time/jammy,now 1.9-0.1build2 amd64 [installed,automatic] +tmux/jammy-updates,jammy-security,now 3.2a-4ubuntu0.2 amd64 [installed] +tnftp/jammy,now 20210827-4build1 amd64 [installed,automatic] +tpm-udev/jammy,now 0.6 all [installed] +traceroute/jammy,now 1:2.1.0-2 amd64 [installed] +tzdata/jammy-updates,now 2023c-0ubuntu0.22.04.2 all [installed,automatic] +ubuntu-advantage-tools/jammy-updates,now 28.1~22.04 amd64 [installed,automatic] +ubuntu-keyring/jammy,now 2021.03.26 all [installed,automatic] +ubuntu-minimal/jammy-updates,now 1.481.1 amd64 [installed] +ubuntu-release-upgrader-core/jammy-updates,now 1:22.04.17 all [installed,automatic] +ubuntu-standard/jammy-updates,now 1.481.1 amd64 [installed] +ucf/jammy,now 3.0043 all [installed,automatic] +udev/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +ufw/jammy-updates,now 0.36.1-4ubuntu0.1 all [installed,automatic] +unattended-upgrades/jammy,now 2.8ubuntu1 all [installed] +update-manager-core/jammy-updates,now 1:22.04.10 all [installed,automatic] +update-notifier-common/jammy-updates,now 3.192.54.6 all [installed] +usb-modeswitch-data/jammy,now 20191128-4 all [installed] +usb-modeswitch/jammy,now 2.6.1-3ubuntu2 amd64 [installed] +usb.ids/jammy,now 2022.04.02-1 all [installed,automatic] +usbutils/jammy,now 1:014-1build1 amd64 [installed,automatic] +usrmerge/jammy,now 25ubuntu2 all [installed,automatic] +util-linux/jammy,now 2.37.2-4ubuntu3 amd64 [installed] +uuid-runtime/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] 
+vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed] +walinuxagent/jammy-updates,now 2.2.46-0ubuntu5.1 amd64 [installed] +wget/jammy,now 1.21.2-2ubuntu1 amd64 [installed,automatic] +whiptail/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] +wireless-regdb/jammy-updates,jammy-security,now 2022.06.06-0ubuntu1~22.04.1 all [installed,automatic] +xauth/jammy,now 1:1.1-1build2 amd64 [installed,automatic] +xdg-user-dirs/jammy,now 0.17-2ubuntu4 amd64 [installed,automatic] +xfsprogs/jammy,now 5.13.0-1ubuntu2 amd64 [installed] +xkb-data/jammy,now 2.33-1 all [installed,automatic] +xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] +xz-utils/jammy,now 5.2.5-2ubuntu1 amd64 [installed] +zip/jammy,now 3.0-12build2 amd64 [installed] +zlib1g/jammy-updates,jammy-security,now 1:1.2.11.dfsg-2ubuntu9.2 amd64 [installed,automatic] +zstd/jammy,now 1.4.8+dfsg-3build1 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +/dev/root 29G 23G 6.9G 77% / +tmpfs 3.9G 0 3.9G 0% /dev/shm +tmpfs 1.6G 692K 1.6G 1% /run +tmpfs 5.0M 0 5.0M 0% /run/lock +/dev/sda15 105M 6.1M 99M 6% /boot/efi +/dev/sdb1 16G 28K 15G 1% /mnt +tmpfs 794M 0 794M 0% /run/user/1000 +Using kernel: +Linux version 5.15.0-1041-azure (buildd@lcy02-amd64-062) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #48-Ubuntu SMP Tue Jun 20 20:34:08 UTC 2023 +Install completed successfully on Tue Aug 22 17:04:13 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 22.04 +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: +=== os-release Begin +PRETTY_NAME="Ubuntu 22.04.3 LTS" +NAME="Ubuntu" +VERSION_ID="22.04" +VERSION="22.04.3 LTS (Jammy Jellyfish)" +VERSION_CODENAME=jammy +ID=ubuntu +ID_LIKE=debian +HOME_URL="https://www.ubuntu.com/" 
+SUPPORT_URL="https://help.ubuntu.com/"
+BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
+PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
+UBUNTU_CODENAME=jammy
+=== os-release End
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-image-list.json
index 064555447be..5aa2d60db6d 100644
--- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-image-list.json
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-image-list.json
@@ -1,6 +1,6 @@
 {
 "sku": "2204gen2containerd",
- "imageVersion": "202308.16.0",
+ "imageVersion": "202308.22.0",
 "imageBom": [
 {
 "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce",
@@ -56,6 +56,15 @@
 "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba"
 ]
 },
+ {
+ "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361",
+ "repoTags": [
+ "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2"
+ ],
+ "repoDigests": [
+ "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3"
+ ]
+ },
 {
 "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70",
 "repoTags": [
@@ -110,15 +119,6 @@
 "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18"
 ]
 },
- {
- "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30",
- "repoTags": [
- "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2"
- ],
- "repoDigests": [
- "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f"
- ]
- },
 {
 "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033",
 "repoTags": [
@@ -146,6 +146,15 @@
 "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d"
 ]
 },
+ {
+ "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5",
+ "repoTags": [
+ "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5"
+ ],
+ "repoDigests": [
+ "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01"
+ ]
+ },
 {
 "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3",
 "repoTags": [
@@ -443,15 +452,6 @@
 "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8"
 ]
 },
- {
- "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92",
- "repoTags": [
- "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11"
- ],
- "repoDigests": [
- "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6"
- ]
- },
 {
 "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e",
 "repoTags": [
@@ -552,6 +552,15 @@
 "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45"
 ]
 },
+ {
+ "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c",
+ "repoTags": [
+ "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12"
+ ],
+ "repoDigests": [
+ "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6"
+ ]
+ },
 {
 "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c",
 "repoTags": [
@@ -633,6 +642,15 @@
 "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210"
 ]
 },
+ {
+ "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c",
+ "repoTags": [
+ "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6"
+ ],
+ "repoDigests": [
+ "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2"
+ ]
+ },
 {
 "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7",
 "repoTags": [
@@ -723,15 +741,6 @@
 "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf"
 ]
 },
- {
- "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e",
- "repoTags": [
- "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4"
- ],
- "repoDigests": [
- "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e"
- ]
- },
 {
 "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b",
 "repoTags": [
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-trivy-images-table.txt
index 46520a27395..4cc91fdb5fb 100644
--- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-trivy-images-table.txt
+++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-trivy-images-table.txt
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-trivy-report.json index 0dffb31fb07..09254d0e67d 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmquaygbdnnv", + "ArtifactName": "pkrvmc82wu1tve5", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmquaygbdnnv (ubuntu 22.04)", + "Target": "pkrvmc82wu1tve5 (ubuntu 22.04)", "Class": "os-pkgs", "Type": "ubuntu", "Vulnerabilities": [ 
@@ -82,10 +82,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -190,10 +191,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -235,6 +237,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -249,7 +252,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -368,10 +371,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -476,10 +480,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -521,6 +526,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -535,7 +541,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -654,10 +660,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -762,10 +769,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -807,6 +815,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -821,7 +830,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -940,10 +949,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1048,10 +1058,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1093,6 +1104,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1107,7 +1119,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1226,10 +1238,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1334,10 +1347,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1379,6 +1393,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1393,7 +1408,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1512,10 +1527,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1620,10 +1636,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1665,6 +1682,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1679,7 +1697,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1798,10 +1816,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1906,10 +1925,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1951,6 +1971,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1965,7 +1986,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -2084,10 +2105,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -2192,10 +2214,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -2237,6 +2260,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -2251,7 +2275,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -3893,7 +3917,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -3902,7 +3928,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4052,7 +4078,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4061,7 +4089,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4211,7 +4239,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4220,7 +4250,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4370,7 +4400,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4379,7 +4411,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -4532,7 +4564,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4541,7 +4575,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest.txt index 46aeba9ede1..956faeaa73f 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:04 UTC 2023 +Starting build on Tue Aug 22 16:25:35 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -130,24 +131,24 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:13 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:13 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:16 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:16 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:18 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:18 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:18 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:20 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:36 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:37 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:37 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:38 
/usr/local/bin/bpftrace === Installed Packages Begin Listing... acr-mirror/now 0.1.0 amd64 [installed,local] adduser/jammy,now 3.118ubuntu5 all [installed,automatic] apparmor/jammy-updates,now 3.0.4-2ubuntu2.2 amd64 [installed,automatic] apt-transport-https/jammy-updates,now 2.4.10 all [installed] -apt-utils/now 2.4.9 amd64 [installed,upgradable to: 2.4.10] -apt/now 2.4.9 amd64 [installed,upgradable to: 2.4.10] +apt-utils/jammy-updates,now 2.4.10 amd64 [installed,automatic] +apt/jammy-updates,now 2.4.10 amd64 [installed,automatic] attr/jammy,now 1:2.5.1-1build1 amd64 [installed,automatic] base-files/jammy-updates,now 12ubuntu4.4 amd64 [installed] base-passwd/jammy,now 3.5.52build1 amd64 [installed] @@ -242,8 +243,8 @@ gdisk/jammy,now 1.0.8-4build1 amd64 [installed,automatic] gettext-base/jammy,now 0.21-4ubuntu4 amd64 [installed,automatic] gir1.2-glib-2.0/jammy,now 1.72.0-1 amd64 [installed,automatic] gir1.2-packagekitglib-1.0/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] -git-man/jammy-updates,jammy-security,now 1:2.34.1-1ubuntu1.9 all [installed,automatic] -git/jammy-updates,jammy-security,now 1:2.34.1-1ubuntu1.9 amd64 [installed] +git-man/jammy-updates,now 1:2.34.1-1ubuntu1.10 all [installed,automatic] +git/jammy-updates,now 1:2.34.1-1ubuntu1.10 amd64 [installed] glusterfs-client/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed] glusterfs-common/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] gnupg-l10n/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed,automatic] 
@@ -273,9 +274,9 @@ iftop/jammy,now 1.0~pre4-7 amd64 [installed] info/jammy,now 6.8-4build1 amd64 [installed,automatic] init-system-helpers/jammy,now 1.62 all [installed] init/jammy,now 1.62 amd64 [installed] -initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.2 amd64 [installed,automatic] -initramfs-tools-core/jammy-updates,now 0.140ubuntu13.2 all [installed,automatic] -initramfs-tools/jammy-updates,now 0.140ubuntu13.2 all [installed] +initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.4 amd64 [installed,automatic] +initramfs-tools-core/jammy-updates,now 0.140ubuntu13.4 all [installed,automatic] +initramfs-tools/jammy-updates,now 0.140ubuntu13.4 all [installed] inotify-tools/jammy,now 3.22.1.0-2 amd64 [installed] install-info/jammy,now 6.8-4build1 amd64 [installed,automatic] iotop/jammy-updates,now 0.6-24-g733f3f8-1.1ubuntu0.1 amd64 [installed] @@ -301,7 +302,7 @@ libacl1/jammy,now 2.3.1-1 amd64 [installed,automatic] libaio1/jammy,now 0.3.112-13build1 amd64 [installed,automatic] libapparmor1/jammy-updates,now 3.0.4-2ubuntu2.2 amd64 [installed,automatic] libappstream4/jammy,now 0.15.2-2 amd64 [installed,automatic] -libapt-pkg6.0/now 2.4.9 amd64 [installed,upgradable to: 2.4.10] +libapt-pkg6.0/jammy-updates,now 2.4.10 amd64 [installed,automatic] libarchive13/jammy,now 3.6.0-1ubuntu1 amd64 [installed] libargon2-1/jammy,now 0~20171227-0.3 amd64 [installed,automatic] libasan6/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] 
@@ -619,17 +620,17 @@ linux-base-sgx/jammy,now 4.5ubuntu9 all [installed] linux-base/jammy,now 4.5ubuntu9 all [installed,automatic] linux-cloud-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-cloud-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] -linux-cloud-tools-common/jammy-updates,now 5.15.0-79.86 all [installed] +linux-cloud-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] linux-headers-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-headers-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] linux-image-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-image-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] -linux-libc-dev/jammy-updates,now 5.15.0-79.86 amd64 [installed,automatic] +linux-libc-dev/jammy-updates,jammy-security,now 5.15.0-79.86 amd64 [installed,automatic] linux-modules-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-modules-extra-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] -linux-tools-common/jammy-updates,now 5.15.0-79.86 all [installed] +linux-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] locales/jammy-updates,now 2.35-0ubuntu3.1 all [installed,automatic] login/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 amd64 [installed] logrotate/jammy-updates,jammy-security,now 3.19.0-1ubuntu1.1 amd64 [installed,automatic] 
@@ -802,7 +803,7 @@ shared-mime-info/jammy,now 2.1-2 amd64 [installed,automatic] shim-signed/jammy-updates,now 1.51.3+15.7-0ubuntu1 amd64 [installed] socat/jammy,now 1.7.4.1-3ubuntu4 amd64 [installed] software-properties-common/jammy-updates,now 0.99.22.7 all [installed] -sosreport/jammy-updates,now 4.4-1ubuntu1.22.04.1 amd64 [installed] +sosreport/jammy-updates,now 4.5.6-0ubuntu1~22.04.1 amd64 [installed] ssh-import-id/jammy,now 5.11-0ubuntu1 all [installed] strace/jammy,now 5.16-0ubuntu3 amd64 [installed,automatic] sudo/jammy-updates,jammy-security,now 1.9.9-1ubuntu2.4 amd64 [installed,automatic] @@ -842,10 +843,10 @@ usbutils/jammy,now 1:014-1build1 amd64 [installed,automatic] usrmerge/jammy,now 25ubuntu2 all [installed,automatic] util-linux/jammy,now 2.37.2-4ubuntu3 amd64 [installed] uuid-runtime/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] -vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 all [installed,automatic] -vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 all [installed,automatic] -vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 amd64 [installed,automatic] -vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 amd64 [installed] +vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] +vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed] walinuxagent/jammy-updates,now 2.2.46-0ubuntu5.1 amd64 [installed] wget/jammy,now 1.21.2-2ubuntu1 amd64 [installed,automatic] whiptail/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] 
@@ -854,7 +855,7 @@ xauth/jammy,now 1:1.1-1build2 amd64 [installed,automatic] xdg-user-dirs/jammy,now 0.17-2ubuntu4 amd64 [installed,automatic] xfsprogs/jammy,now 5.13.0-1ubuntu2 amd64 [installed] xkb-data/jammy,now 2.33-1 all [installed,automatic] -xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 amd64 [installed,automatic] +xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] xz-utils/jammy,now 5.2.5-2ubuntu1 amd64 [installed] zip/jammy,now 3.0-12build2 amd64 [installed] zlib1g/jammy-updates,jammy-security,now 1:1.2.11.dfsg-2ubuntu9.2 amd64 [installed,automatic] @@ -862,7 +863,7 @@ zstd/jammy,now 1.4.8+dfsg-3build1 amd64 [installed,automatic] === Installed Packages End Disk usage: Filesystem Size Used Avail Use% Mounted on -/dev/root 29G 22G 7.1G 76% / +/dev/root 29G 23G 6.9G 77% / tmpfs 3.9G 0 3.9G 0% /dev/shm tmpfs 1.6G 692K 1.6G 1% /run tmpfs 5.0M 0 5.0M 0% /run/lock @@ -871,10 +872,10 @@ tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 794M 0 794M 0% /run/user/1000 Using kernel: Linux version 5.15.0-1041-azure (buildd@lcy02-amd64-062) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #48-Ubuntu SMP Tue Jun 20 20:34:08 UTC 2023 -Install completed successfully on Wed Aug 16 17:44:39 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:04:13 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 22.04 Hyperv generation: V2 Feature flags: None diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0-image-list.json new file mode 100644 index 00000000000..60ff84b4c50 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0-image-list.json 
@@ -0,0 +1,826 @@ +{ + "sku": "2204gen2TLcontainerd", + "imageVersion": "202308.22.0", + "imageBom": [ + { + "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1" + ], + "repoDigests": [ + "sha256:ce9b0f842b8393e09796ba606d903cc989f59b511a38554d8517f8c40f7f28fd" + ] + }, + { + "id": "sha256:0bb39340f1d49c37db54ce81258a29e165c8978d93ef1805787800a8f35d4e92", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0" + ], + "repoDigests": [ + "sha256:8a92f21baf895d04e0f8576e76d2269c8a84e7b814f930596505c9031e7a220f" + ] + }, + { + "id": "sha256:118423f7cc377517e6c27a2ed0f14c94356d9454f6f274de50364f94700f47d0", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12" + ], + "repoDigests": [ + "sha256:d746c3967ffd9647e6ce65c1d1b64fcc74bf6eed3e41495055fbdffd1a2ec7d2" + ] + }, + { + "id": "sha256:139b1a4f315bfa7ee830866540881cbe791020aa6b522339461821d1b5e1af28", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1" + ], + "repoDigests": [ + "sha256:dbf394ac8c2536238ca14d4bf2ae9a4297aed837404e631c85aa43da54a5a680" + ] + }, + { + "id": "sha256:1818adcb4554d18f5ad4784ab042d265ba365766a4d20d13fbf938f2394360ec", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6" + ], + "repoDigests": [ + "sha256:36aeffe38a6ac1d42c22b633c5aeab46d8e3f39c7e81a432b81856f8d1fd518a" + ] + }, + { + "id": "sha256:19282dbd5c83476b0222a1f7fe0a9b05996c2008f4683e01f66a1e5117440a61", + "repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0" + ], + "repoDigests": [ + "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" + ] + }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + 
"sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, + { + "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3" + ], + "repoDigests": [ + "sha256:ee9dd3435201d10c94592931c0a1abe99ad798f326377a20b3aa5b9c78823ca7" + ] + }, + { + "id": "sha256:22f61499250433346cdf385f61dda1e5efb7d612f644f36d04628088c882b05e", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.6" + ], + "repoDigests": [ + "sha256:0627489ae5258a22f60004cd6d38adb57237628ade195420c52d9c4342373416" + ] + }, + { + "id": "sha256:2b4b1c4b345674fabb11873753893dd1df0c51af972d52ba1f9a2e901482bf33", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10" + ], + "repoDigests": [ + "sha256:bfa9011169c7e07f0d89ad1e8acd5db75ec95bf6fcb6b077fb826362f8470b1a" + ] + }, + { + "id": "sha256:30a82b47d3a82afd66f5092f294cbee4751d19f8b147c2f7e41f41985dc4e1ee", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612" + ], + "repoDigests": [ + "sha256:fa7aa2deeee92a253c9ebd18c5832fc55c7a1aff33f2ec2320ce80eb2205e560" + ] + }, + { + "id": "sha256:344ac3045dfd18d65abeded3e067ac8f42edb08027a5aa01cb1edd4cfed6cb98", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1" + ], + "repoDigests": [ + "sha256:970ff0ff9e95db174effa6ec2db91f2bf21e3862a4924d533b2d7546d3439ecf" + ] + }, + { + "id": "sha256:3560b5bfbdb6a0e4eb4625bf2548ba3160a13cb63136697250860fccf2a23640", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.6" + ], + "repoDigests": [ + "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" + ] + }, + { + "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6" + ], + "repoDigests": [ + "sha256:781a52c707944c8b062321ee60f737857e68165087beda5eeb17a45cd115963b" + ] + }, + { + "id": 
"sha256:3ec3f0197a486936a5a6a0c2319c1fb5d284557144399f685131b5043833f4ea", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0" + ], + "repoDigests": [ + "sha256:af83c896c3071b0ae4a2c201721ef32d64fe42cddf2e3bd05dfaa2fea9ad15f3" + ] + }, + { + "id": "sha256:415688a2a94d2164260d59d3d1973313e1daf7c245998a5742c0f117255403c3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2" + ], + "repoDigests": [ + "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" + ] + }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, + { + "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896" + ], + "repoDigests": [ + "sha256:97e8054c8a3d44191262928741209dc85cf2a2a548f0dba83a4fa98edb7e16b5" + ] + }, + { + "id": "sha256:4973d030453ebba0706b29c636612e8dcb299d34500ac5466ce535e0c53b866f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4" + ], + "repoDigests": [ + "sha256:44c342f04bc1c875474c5bf10bcb9453a051c804c0205f1d7bf0a617abf6107a" + ] + }, + { + "id": "sha256:560891db6a3407f975d559ffb9df857cda066d8dabb417b90c16d06aa9541e92", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1" + ], + "repoDigests": [ + "sha256:01418dc3290baaa29201dc6f05c9cbeab13b5618a3540f76d440e21608b87043" + ] + }, + { + "id": "sha256:56b125578733d7932fb708a87e0926186d05306a6cc10669ab524c1f89748b03", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6" + ], + "repoDigests": [ + "sha256:e5479071a9765b367bf4d9dc440db7e0a8a744c96a16b8d5960ab9296af4fc02" + ] + }, + { + "id": 
"sha256:6284cbe7030dfa0d79382ea3f86cf3b892d0ee17807b01d921e97a7877e27313", + "repoTags": [ + "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2" + ], + "repoDigests": [ + "sha256:6fee210e78756207a3a32c105847c4a27fd02bcb3a458f99716484735a1b9831" + ] + }, + { + "id": "sha256:650c9bc1594cc2118ec7911f2b3d1df9710917432fae40b4f8b74aa63587d091", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5" + ], + "repoDigests": [ + "sha256:d7b6fc05b82969de106eafea8ebab5d78d9470867a695685c16c408135a426c6" + ] + }, + { + "id": "sha256:65b2c7659eb2cfe8026f95e96ffd4a9baae79e45e8e39dcaa618bced2c09f8b6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:a035d968a2a725f0103a7cd4c3dabed2c3044e8f378dc2901729f5fb3a51e44a" + ] + }, + { + "id": "sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8" + ], + "repoDigests": [ + "sha256:2cbf7f9bfe19ab4bfae6134b93cba18ffe8b2d1f04621755eb83ee9aa13ecc39" + ] + }, + { + "id": "sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4" + ], + "repoDigests": [ + "sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c" + ] + }, + { + "id": "sha256:6a16df5be865c0d90b77b498674fad302921917cad52f509386cd322fbd3ccef", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7" + ], + "repoDigests": [ + "sha256:5f3ca3906b62047815b5a87a530d9efdb3fc004130ff25b4ec2839aace8987f9" + ] + }, + { + "id": "sha256:6b7cb3431f43dedb289852f20ba70eee7464275a68682a2960fb0fd4a8ba780a", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.0" + ], + "repoDigests": [ + "sha256:192fe5d72d01225c70fb925008711d259988481a23f15d72d1b41de0ef0de6c8" + ] + }, + { + "id": "sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59", + 
"repoTags": [ + "mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1" + ], + "repoDigests": [ + "sha256:77b0b6fa4e040b00f8b68833cb95f11e4aefb7815c1f473d7b484053bc0ec555" + ] + }, + { + "id": "sha256:6c94cc9b644c824d28df82a161902034f2006be18278ac29f25bf0b042731c89", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6" + ], + "repoDigests": [ + "sha256:b45ee9c8ebc82d56deef6140c754aa4d5a8759460c23fc71368a9d3b144b7bb5" + ] + }, + { + "id": "sha256:6f13f3812ec5cfe8b770fbcba0f37c9986106c9e950b29a0a2d4950a5aadb613", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4" + ], + "repoDigests": [ + "sha256:1ef910adc9030e2b7bca4083baa11123717e5f823553d4d683a2387c121260a5" + ] + }, + { + "id": "sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10" + ], + "repoDigests": [ + "sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6" + ] + }, + { + "id": "sha256:7547c37ab769cf9c0d767c56c28b64a97d18fe6624158f6218404283584f6d58", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612" + ], + "repoDigests": [ + "sha256:2db6e814d91ae0b952d7e9022b5578dea47275d56f91cffde1e15fc483a8261c" + ] + }, + { + "id": "sha256:75b290c7ac6407d3e6b8649b9f390161e13620ae11fdd5467d8732760f9918a9", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5" + ], + "repoDigests": [ + "sha256:30e859785838c9de1854436d9d4c1a3a54a0144fb1f232b20d17e7f1102d0928" + ] + }, + { + "id": "sha256:77625e4c1be3f23b2d7b4406b692315384f450e1e153e5400b760983825c64df", + "repoTags": [ + "mcr.microsoft.com/containernetworking/azure-cns:v1.5.5" + ], + "repoDigests": [ + "sha256:53db467f16a27fc6666dc91374a67f23ebb8868e697c3223e81446604b91f3c7" + ] + }, + { + "id": "sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0", + "repoTags": [ + 
"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1" + ], + "repoDigests": [ + "sha256:fe9baa221a5c6743ecceb5cdf0c59840a0bf6cf65c4fe7030af361eff9542d16" + ] + }, + { + "id": "sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/pause:3.6" + ], + "repoDigests": [ + "sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df" + ] + }, + { + "id": "sha256:7b5766727664f83b96f86231a2bd633dd4c24051af357b4090cefbba38998e1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612" + ], + "repoDigests": [ + "sha256:7266a20d75370573076f3236562e7565306290ca4b072ba2ae0f0c49f2b3d350" + ] + }, + { + "id": "sha256:7b8e7ae7c6d3057b8e80ce0349d4103a739444dba5226b88ab5a347fda66792e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19" + ], + "repoDigests": [ + "sha256:f9fdc33be3d4d4d01b4c86e626e29e8e92e40ef436d1acc77caaeb95cb86b053" + ] + }, + { + "id": "sha256:7f0239fd72a8664f0cc0c4203a7bbb616d3de1b64d1dac9094a5a28fb2b750b4", + "repoTags": [ + "mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7" + ], + "repoDigests": [ + "sha256:568345a73541bdbc29874e781239b0e306d2d0327d7cfc978d2501b12936a459" + ] + }, + { + "id": "sha256:7fb91b3e5781da143b9f1a6a03e847db88d04a2231b6f8e3c94e4039d2e009ac", + "repoTags": [ + "mcr.microsoft.com/oss/calico/cni:v3.24.6" + ], + "repoDigests": [ + "sha256:205bcf1b409bfdfb910f5e41497c490dd5a35c3d41cd5a5e4f58d10735cb21b4" + ] + }, + { + "id": "sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b", + "repoTags": [ + "mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0" + ], + "repoDigests": [ + "sha256:5a52d95df783e2cb335bc8a5454d6693ae766a4563257c0152bad9fe756d5800" + ] + }, + { + "id": "sha256:8907ba29a99343e13f9ef231d0eedade4a121468d86ca780213f8d327140d3e5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12" + ], + "repoDigests": [ + 
"sha256:5735db598627ca42f47d060f59c21f3f72d17f0342da0097414b8b5dbdb6f492" + ] + }, + { + "id": "sha256:8989efdd57edb4b573ff73fa95a8a3808418532e5875fd64435b94634fd55a20", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55" + ], + "repoDigests": [ + "sha256:47a8284195c883f3eef6b555661f95c1ce7c4286fb83eb4eea1f5f86e5c9b047" + ] + }, + { + "id": "sha256:8b867be8be312c220a132b3448309f5e22f0eaa8b8a8af5d526563542f7da69b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1" + ], + "repoDigests": [ + "sha256:8a503cdacf9c7ff8d513d4f292fa0d0879bcd87fca1fd46bf3aac6571d8a64fa" + ] + }, + { + "id": "sha256:923badb8ff2d384b7ec7a1b7b2a9ff0ebfd574c3fbd50b8ddf9a00929dcd5f0a", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4" + ], + "repoDigests": [ + "sha256:39cf15395cd55fc84d56f912cedfde6c407b06ba80baad8503878bd863ab0b60" + ] + }, + { + "id": "sha256:9291bfabc0623025a36cb3b3701fc91cc310b2db1b8d1c2e8b1dae5fd5ecb2d9", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/operator-generic:1.12.10" + ], + "repoDigests": [ + "sha256:1ef089ebfb952785f713af55e40e4cdb8521f03330a7ace1f30a35520d0ac7dc" + ] + }, + { + "id": "sha256:93a768caa46de35da631053e99dce977233c12bf9639a99f2279826472fe7175", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15" + ], + "repoDigests": [ + "sha256:8d4322807a0afba49495df3437a847fd4e0a22a1570a2b0d1bfb510b2a28f7d6" + ] + }, + { + "id": "sha256:963969a959a09dd3b70ff62cfd53231a7cd793fff4c6fff4e355439f2bb28de3", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11" + ], + "repoDigests": [ + "sha256:76382227194c7b1a9d9b63ea87fd4301c7f159f8d340ebf7f6f6041d37e6a8cb" + ] + }, + { + "id": "sha256:9d1a132ef26d2e3a1f0bd769dfe21d49fdcdee1f6d5e17dfc148a4f8b8dca75b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4" + ], + "repoDigests": [ + 
"sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" + ] + }, + { + "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0" + ], + "repoDigests": [ + "sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b" + ] + }, + { + "id": "sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271", + "repoTags": [ + "mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1" + ], + "repoDigests": [ + "sha256:8752217763c0b9a8a2cfc36e54f6f10482b71875cbe58074c5221a45bfc75397" + ] + }, + { + "id": "sha256:a5526f382ceb96e0555a4ee3948f14c3af49e4cf343b9bf014d0b673cfc1a8c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3" + ], + "repoDigests": [ + "sha256:d8dbf90c60277c02dc59164400a290507159155f489845e03272dec049ccb557" + ] + }, + { + "id": "sha256:a89dfaf44bc39129d5cb9d2a65be84cde86b9ff12f30cd95a4f75ae31e01764c", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.13" + ], + "repoDigests": [ + "sha256:fbe370dedf1e5b1b165f023e557db7a08077131c28ec17aab129233326014cf1" + ] + }, + { + "id": "sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0" + ], + "repoDigests": [ + "sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9" + ] + }, + { + "id": "sha256:ab21f7411a274d343a64ae4bb1da498c1d0ab7548cc93a534346c55eefdd3b77", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9" + ], + "repoDigests": [ + "sha256:af06806e09eba19964287e384d4c7eec8efb580fd10bd3ac6680359ca0762c72" + ] + }, + { + "id": "sha256:ac71c997a8a2e5f50d970e4d2be59f69a3dc73c23aecc9d6a9421ce2d7aa311d", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1" + ], + "repoDigests": [ + "sha256:0a111bdee238f4b16b58f8d2db8f3bdba67a1cbb8d0d96ca3c63cbd811b85657" + ] + }, + 
{ + "id": "sha256:ad40add5362ee2d4f14e8ee62a5d4939a5721efd195eb48a06dea840f944e9e8", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15" + ], + "repoDigests": [ + "sha256:496c91b640adfb27654a112ed4b86afbc72753854142432c44ac6e1db8b03add" + ] + }, + { + "id": "sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94", + "repoTags": [ + "mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4" + ], + "repoDigests": [ + "sha256:9f8a781fef3f9208c7ab614ab06154b1914582672fee109dbd849e7dce0d19a5" + ] + }, + { + "id": "sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e", + "repoTags": [ + "mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1", + "mcr.microsoft.com/aks/aks-node-ca-watcher:static" + ], + "repoDigests": [ + "sha256:699c2ac69ac8d6ce09a5131f4c0ce12d1117ee6fc4aee95517d697662d2e739b" + ] + }, + { + "id": "sha256:afe8e58081536950674082d705c34ba84dc4c5e55eceabc34f81aa875cf78977", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3" + ], + "repoDigests": [ + "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" + ] + }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, + { + "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1" + ], + "repoDigests": [ + "sha256:2fdf382dd1690e8fe6d3a0ad6eed93dc71d92ea32bc5aee7adb905a17fb1342f" + ] + }, + { + "id": "sha256:badc6c47055fcc272370129a7c33cd7abf1b97402abff050bd140fcaea86fa4f", + "repoTags": [ + "mcr.microsoft.com/oss/cilium/cilium:1.12.10-1" + ], + "repoDigests": [ + "sha256:dd5f5dc9d6cd9d08e22e88069d24472145ba50d1f27ee1eb4bd1a436bdbd6273" + ] + }, + { + "id": 
"sha256:c21754d779c56c3aa9a447af5bb0a4ba0af662622bc886c36dd00c4024eb3f36", + "repoTags": [ + "mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0" + ], + "repoDigests": [ + "sha256:a60fa20f85167f7ca6fa4703f1ea8e3c8673786fdf5caae42b761e8687a200c8" + ] + }, + { + "id": "sha256:c2e2c073b7f31c32a4a7910ae0b738a98e2f92cebbca4e090d2d1f95bc251f65", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11" + ], + "repoDigests": [ + "sha256:fa9d8296ceede786842670c8b027b0759651bd3f0100c31fa586321dfc98aca6" + ] + }, + { + "id": "sha256:c316fa74d174e79ef8b21de7c5e30183f85c5a62e12ba493ec6c22f56036c3a4", + "repoTags": [ + "mcr.microsoft.com/oss/calico/node:v3.24.0" + ], + "repoDigests": [ + "sha256:29f9ce25204d7b5a84addf9e38a93c24d102baca40fa0eec173fce95b6af7e46" + ] + }, + { + "id": "sha256:c38f956b642366c8eeb0babfda6b0bb2aa92f27a968589804cadb445f6df72d6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3" + ], + "repoDigests": [ + "sha256:6c095f415c0c86fc233f2debabce141c50a813479a9c8163ed6e159464fa9964" + ] + }, + { + "id": "sha256:c4297d6ef231602c75ed45f94f312b611590b11b18604ad2a1dbd6db52fa85bc", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:d001cbb89e1e56eeed62575bcc9558fc00044fefb0177ea52b6311c152e5239c" + ] + }, + { + "id": "sha256:c46badf18d2552eb2b59291b464be70d9ef9aa9c076340c24e58f7f0fe194dfe", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612" + ], + "repoDigests": [ + "sha256:20080442dececb2f1d3ba49f3e20b04f37161f912b2d2898b08ec8893e767875" + ] + }, + { + "id": "sha256:c5aa889c69a0f496ea3e4a1121ac04d470e5dd233561ba9cf654d1a901b29534", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e" + ], + "repoDigests": [ + "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" + ] + }, + { + "id": 
"sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, + { + "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", + "repoTags": [ + "mcr.microsoft.com/oss/calico/typha:v3.24.0" + ], + "repoDigests": [ + "sha256:d687defcef6410a180296ab25add058908ed8e7bf217abc7e4a773fcae2f2c58" + ] + }, + { + "id": "sha256:ccf8f09fa0badd8848e40ac25d48f6a8be4e0d183aaa40c025824afe8e206457", + "repoTags": [ + "mcr.microsoft.com/oss/tigera/operator:v1.28.0" + ], + "repoDigests": [ + "sha256:c31b8c6b0d9c0eab695e6e80f782ef92d90d022ec7b252d54dde65c3b51c2cc9" + ] + }, + { + "id": "sha256:d02da64b0241ef857f8e7bf2a10311a7c9c4ea338ff7ff42c741d1a123ea3e4c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1" + ], + "repoDigests": [ + "sha256:d3bbf3f795a97dd3f2d23d661a4bafb3cb6d2ef7a1e1f556fc5ef788c37c30ff" + ] + }, + { + "id": "sha256:d8d8810820ff9043fe0dab5c9650a2bbc5763163206bb1720190378c463b6a27", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110" + ], + "repoDigests": [ + "sha256:b10809bee2e41b7de072751e2c7bd1d407587e5ac7df2a3b2ed6b849841f7df1" + ] + }, + { + "id": "sha256:d905bf860787e8d2e1b9d5366aed2429d21bbbd8647d6418a6bcab7934ca5768", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612" + ], + "repoDigests": [ + "sha256:56361b92c77b4a3ae80c08593aa410090342b55839d6aa29ca44411677f92023" + ] + }, + { + "id": "sha256:dc3fa6e8352e5890d46fe01ab84a7761a97de3d13a3d2858af461203532ba457", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3" + ], + "repoDigests": [ + "sha256:c49553d5b948fcf5b23bed3718c797f42ebe87d7ae5f2c6f537f530b65cadaec" + ] + }, + { + "id": "sha256:df03823a60d1e716e86be12e218a034e34ea8f1c105fcedd02365ac6cf8f7753", 
+ "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4" + ], + "repoDigests": [ + "sha256:aba1f7cd5d1f491e6ac525c12896d070b54cbc626ff9a99f8d94d290989bfe73" + ] + }, + { + "id": "sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20" + ], + "repoDigests": [ + "sha256:c7d5baa1ca8796a69b34562b0fe353fc2ca0cec77144ed1163ec4fb6e4089a19" + ] + }, + { + "id": "sha256:e3f8bd5de458345bd4553d2f61ba966d4124806fc75903118602ea5be3518f80", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21" + ], + "repoDigests": [ + "sha256:31dfed50cb9281dd704df0e46b0ec6157c8fab18c4d48ff560ffc34710246262" + ] + }, + { + "id": "sha256:e96d733c6e058a16efe8a4174d90163145f218f08b78e9864514ce5927413505", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5" + ], + "repoDigests": [ + "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" + ] + }, + { + "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612" + ], + "repoDigests": [ + "sha256:eabb6a6d3ae30362be6978feb3fe61521470e854885b1cebe1875ffc5f158de1" + ] + }, + { + "id": "sha256:efce2c23898ef3a1842606b72d9a7f6276ea0c0b5f9af89e1dac73a0806d9086", + "repoTags": [ + "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1" + ], + "repoDigests": [ + "sha256:4510f7d064b90b24efc01346c166c100335f0ebf8de0a69eb299f8b63018f774" + ] + }, + { + "id": "sha256:f450da74f8249b03b9ba503aed475a686dff63c934027b16cbb39054294cf931", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30" + ], + "repoDigests": [ + "sha256:639a22207bf251aaa5efc61c523013b87cab913c3925fd462106331b36ebdbef" + ] + }, + { + "id": "sha256:f5a6f60b838475d3a558f8c7171b5956ce40a33e5714f46163e5fde6fd973e44", + "repoTags": [ + 
"mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7" + ], + "repoDigests": [ + "sha256:794c59ff1ea3391ec92b4eaa48413380ba7351ea797d606ad31110b1e95e19bf" + ] + }, + { + "id": "sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14" + ], + "repoDigests": [ + "sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e" + ] + }, + { + "id": "sha256:f9c08604e8f414780e85e9f1962ba7d9266f8316c31df1e554f80d12752de79c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612" + ], + "repoDigests": [ + "sha256:912a981e2d7edcc2bc91f8f69e4a7f20bab44c55fd29823041bfe77ec1524fa5" + ] + }, + { + "id": "sha256:fa16a85fc719737b4239817a8e622cc787dd1c7594e63a68b52155e9d3929843", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8" + ], + "repoDigests": [ + "sha256:69ec4335573f46f8c38e6926eb9403874a68d9582e2dbef1d92fd9f8bd5e0e8d" + ] + }, + { + "id": "sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18" + ], + "repoDigests": [ + "sha256:04c0eadc6cb40e3fdd64f94ccff8ed3eda52137a17b6d086d53705b3398a46ed" + ] + }, + { + "id": "sha256:fdd9ed30bb0cf93dae8f551e645b18a8759bbe5ebc36ac5fc63c7c87cd72b14f", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1" + ], + "repoDigests": [ + "sha256:943efd5ee568892f364d7ebbad6ae664ff5660eccc3e077096fc6272d29ead16" + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0-trivy-images-table.txt new file mode 100644 index 00000000000..4cc91fdb5fb --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0-trivy-images-table.txt 
@@ -0,0 +1,2066 @@ +This contains the list of images with high and critical level CVEs (if present), that are present in the node. +Note: images without CVEs are also listed + +mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 (debian 11.5) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 (debian 11.7) +=========================================================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 (debian 11.5) +=========================================================================== +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 (cbl-mariner 2.0.20230426) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 (cbl-mariner 2.0.20230609) +============================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 (cbl-mariner 2.0.20230426) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 (cbl-mariner 2.0.20230609) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 (cbl-mariner 2.0.20230609) +============================================================================================================================================= +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ 
CVE-2023-2650 │ HIGH │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ 
├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e (cbl-mariner 2.0.20230630) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ 
+├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 (cbl-mariner 2.0.20230805) +============================================================================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/microsoft/otelcollector/otelcollector (gobinary) +==================================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +opt/promconfigvalidator (gobinary) +================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬──────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼──────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.1+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴──────────────────────────────────────────────────┘ + +usr/bin/telegraf (gobinary) +=========================== +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌────────────────────────────────────┬────────────────┬──────────┬────────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────────┼────────────────┼──────────┼────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API 
request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/docker │ CVE-2023-28840 │ │ v20.10.17+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ +├────────────────────────────────────┼────────────────┤ ├────────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.5.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) +========================================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) 
+==================================================================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ + +usr/local/bin/azure-cns (gobinary) +================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) 
+================================================================================= +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-2650 │ │ 1.1.1k-23.cm2 │ 1.1.1k-24.cm2 │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────┤ │ │ │ │ │ +│ openssl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘ + +mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 (ubuntu 20.04) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + 
+mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 (debian 11.6) +============================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +opt/cni/bin/calico (gobinary) +============================= +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 
0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/calico-ipam (gobinary) +================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +opt/cni/bin/install (gobinary) +============================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid 
quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/kube-controllers (gobinary) +=================================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ 
├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.0 (redhat 8.7) +====================================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────┬───────────────┬──────────┬───────────────────┬──────────────────┬───────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────┼───────────────┼──────────┼───────────────────┼──────────────────┼───────────────────────────────────────────────────┤ +│ openssl-libs │ CVE-2023-0286 │ HIGH │ 1:1.1.1k-7.el8_6 │ 1:1.1.1k-9.el8_7 │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +└──────────────┴───────────────┴──────────┴───────────────────┴──────────────────┴───────────────────────────────────────────────────┘ + +usr/bin/calico-node (gobinary) +============================== +Total: 5 (HIGH: 4, CRITICAL: 1) + 
+┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ 
├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/calico/node:v3.24.6 (redhat 8.8) +====================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +code/calico-typha (gobinary) +============================ +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.11.2-0.20200112161605-a7c079c43d51+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/cilium/cilium:1.12.10 (ubuntu 20.04) +========================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 (ubuntu 20.04) +============================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 (alpine 3.15.1) +============================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) 
+========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) +=================================================================== +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) +=================================================================== +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) +===================================================================== +Total: 19 (HIGH: 19, CRITICAL: 0) + 
+┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) +=================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +proxy-agent (gobinary) +====================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.7.1 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201110031124-69a78807bb2b │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.4 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +proxy-agent (gobinary) +====================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.2.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 (debian 11.7) +============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 (debian 11.6) +================================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 
0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 (debian 11.6) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 (debian 11.7) +================================================================================ +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 (debian 11.6) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 (debian 11.7) +=============================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +coredns (gobinary) +================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ 
+├──────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.4.0 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 6 (HIGH: 6, CRITICAL: 0) + +┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2021-43565 │ │ v0.0.0-20210921155107-089bfa567519 │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────────────────────┼────────────────┤ 
├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20211216030914-fe4d6282115f │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 3, CRITICAL: 1) + +┌────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/emicklei/go-restful │ CVE-2022-1996 │ CRITICAL │ v2.9.5+incompatible │ 2.16.0 │ Authorization Bypass Through User-Controlled Key │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1996 │ 
+├────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220520000938-2e3eb7b945c2 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +coredns (gobinary) +================== +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41721 │ │ │ 0.1.1-0.20221104162952-702349b0e862 │ request smuggling │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │ +│ ├────────────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 (debian 9.13) +====================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 (debian 11.3) +================================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in 
dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ 
+├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 (debian 11.3) +==================================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 (debian 11.3) +================================================================== +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 (debian 11.3) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 (debian 11.3) +================================================================================= +Total: 25 (HIGH: 18, CRITICAL: 7) + +┌──────────────────┬────────────────┬──────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ dpkg │ CVE-2022-1664 │ CRITICAL │ 1.20.9 │ 1.20.10 │ Dpkg::Source::Archive in dpkg, the Debian package management │ +│ │ │ │ │ │ system, b ... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1664 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ gzip │ CVE-2022-1271 │ HIGH │ 1.10-4 │ 1.10-4+deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libc-bin │ CVE-2021-3999 │ │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├──────────────────┤ │ │ │ │ │ +│ libc6 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgnutls30 │ CVE-2022-2509 │ │ 3.7.1-5 │ 3.7.1-5+deb11u2 │ Double free during gnutls_pkcs7_verify │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0361 │ │ │ 3.7.1-5+deb11u3 │ timing side-channel in the TLS RSA key exchange code │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0361 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libgssapi-krb5-2 │ CVE-2022-42898 │ │ 1.18.3-6+deb11u1 │ 1.18.3-6+deb11u3 │ integer overflow vulnerabilities in PAC parsing │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-42898 │ +├──────────────────┤ │ │ │ │ │ +│ libk5crypto3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5-3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┤ │ │ │ │ │ +│ libkrb5support0 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┤ 
├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ liblzma5 │ CVE-2022-1271 │ │ 5.2.5-2 │ 5.2.5-2.1~deb11u1 │ arbitrary-file-write vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1271 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ 10.36-2+deb11u1 │ Out-of-bounds read in compile_xclass_matchingpath in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-1587 │ │ │ │ Out-of-bounds read in get_recurse_data_length in │ +│ │ │ │ │ │ pcre2_jit_compile.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │ +├──────────────────┼────────────────┤ ├───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-1292 │ │ 1.1.1n-0+deb11u1 │ 1.1.1n-0+deb11u2 │ c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1292 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-2068 │ │ │ 1.1.1n-0+deb11u3 │ the c_rehash script allows command injection │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2068 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-4450 │ HIGH │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ 
├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├────────────────┤ │ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtasn1-6 │ CVE-2021-46848 │ CRITICAL │ 4.16.0-2 │ 4.16.0-2+deb11u1 │ libtasn1: Out-of-bound access in ETYPE_OK │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46848 │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ libtirpc-common │ CVE-2021-46828 │ HIGH │ 1.3.1-1 │ 1.3.1-1+deb11u1 │ libtirpc: DoS vulnerability with lots of connections │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46828 │ +├──────────────────┤ │ │ │ │ │ +│ libtirpc3 │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────────┼────────────────┼──────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2 │ 1:1.2.11.dfsg-2+deb11u2 │ heap-based buffer over-read and overflow in inflate() in │ +│ │ │ │ │ │ inflate.c via a large... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │ +│ ├────────────────┼──────────┤ ├─────────────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2018-25032 │ HIGH │ │ 1:1.2.11.dfsg-2+deb11u1 │ A flaw found in zlib when compressing (not decompressing) │ +│ │ │ │ │ │ certain inputs │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-25032 │ +└──────────────────┴────────────────┴──────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 (debian 11.4) +================================================================== +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ 
+├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ 
│ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ 
v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 (debian 11.4) +================================================================================= +Total: 11 (HIGH: 11, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libc6 │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ 2.31-13+deb11u4 │ Off-by-one buffer overflow/underflow in getcwd() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │ +├───────────┼───────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by 
excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.3 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 3 (HIGH: 3, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +├────────────────────────────────┼────────────────┤ ├──────────────────────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-41723 │ │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ 
+└────────────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 (debian 11.5) +================================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ +└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 (debian 11.5) +================================================================= +Total: 10 (HIGH: 10, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ 
Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2022-4450 │ HIGH │ 1.1.1n-0+deb11u3 │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2022-4450 │ │ │ 1.1.1n-0+deb11u4 │ double free after calling PEM_read_bio_ex │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4450 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0215 │ │ │ │ use-after-free following BIO_new_NDEF │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0215 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0286 │ │ │ │ X.400 address type confusion in X.509 GeneralName │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0286 │ +│ ├───────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0464 │ │ │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 (debian 11.6) +================================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 2 (HIGH: 2, CRITICAL: 0) + +┌────────────────────────────────┬────────────────┬──────────┬─────────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼────────────────┼──────────┼─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +├────────────────────────────────┼────────────────┤ ├─────────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ +│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
+└────────────────────────────────┴────────────────┴──────────┴─────────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 (debian 11.6) +================================================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + +┌───────────┬───────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├───────────┼───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ │ │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└───────────┴───────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ + +usr/local/bin/kube-proxy (gobinary) +=================================== +Total: 1 (HIGH: 1, CRITICAL: 0) + +┌────────────────────────────────┬───────────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────────────────────┼───────────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────┤ +│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ +└────────────────────────────────┴───────────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────┘ + +mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 (debian 11.6) +==================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 (ubuntu 20.04) +======================================================================= +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/bin/config-manager (gobinary) +================================= +Total: 8 (HIGH: 8, CRITICAL: 0) + 
+┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/crypto │ CVE-2020-29652 │ HIGH │ v0.0.0-20200622213623-75b288015ac9 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead │ +│ │ │ │ │ │ to nil pointer dereference │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-29652 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2021-43565 │ │ │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-43565 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27191 │ │ │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +usr/bin/nvidia-device-plugin (gobinary) +======================================= +Total: 5 (HIGH: 5, CRITICAL: 0) + +┌───────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2021-33194 │ HIGH │ v0.0.0-20201021035429-f5854403a974 │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33194 │ +│ ├────────────────┤ │ 
├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-27664 │ │ │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├───────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2021-38561 │ │ v0.3.3 │ 0.3.7 │ out-of-bounds read in golang.org/x/text/language leads to │ +│ │ │ │ │ │ DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-38561 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-32149 │ │ │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└───────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 (debian 11.6) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 (debian 11.7) +======================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + +usr/local/bin/operator (gobinary) +================================= +Total: 4 (HIGH: 4, CRITICAL: 0) + 
+┌─────────────────────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH │ v1.11.0 │ 1.11.1 │ Denial of service using InstrumentHandlerCounter │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-21698 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/net │ CVE-2022-27664 │ │ v0.0.0-20220425223048-2871e0cb64e4 │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27664 │ +│ ├────────────────┤ │ ├───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ │ CVE-2022-41723 │ │ │ 0.7.0 │ avoid quadratic complexity in HPACK decoding │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ +├─────────────────────────────────────┼────────────────┤ ├────────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────────┤ +│ golang.org/x/text │ CVE-2022-32149 │ │ v0.3.7 │ 0.3.8 │ ParseAcceptLanguage takes a long time to parse complex tags │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │ +└─────────────────────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────────┘ 
diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0-trivy-report.json new file mode 100644 index 00000000000..d9d05a257c2 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0-trivy-report.json 
@@ -0,0 +1,4636 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "pkrvm83vlu31vim", + "ArtifactType": "filesystem", + "Metadata": { + "OS": { + "Family": "ubuntu", + "Name": "22.04" + }, + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pkrvm83vlu31vim (ubuntu 22.04)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-cloud-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-cloud-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-headers-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-headers-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in 
batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + 
"https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-azure-tools-5.15.0-1041@5.15.0-1041.48", + "PkgName": "linux-azure-tools-5.15.0-1041", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-cloud-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-cloud-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-headers-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-headers-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets 
in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", 
+ "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-modules-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and 
anonymous sets in batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + 
"https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-modules-extra-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-modules-extra-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + 
"https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3090", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3090", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "out-of-bounds write caused by unclear skb-\u003ecb", + "Description": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb-\u003ecb initialization in the ipvlan network driver. 
The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:4378", + "https://access.redhat.com/security/cve/CVE-2023-3090", + "https://bugzilla.redhat.com/2151317", + "https://bugzilla.redhat.com/2187257", + "https://bugzilla.redhat.com/2193219", + "https://bugzilla.redhat.com/2215768", + "https://bugzilla.redhat.com/2218672", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090", + "https://errata.almalinux.org/9/ALSA-2023-4378.html", + "https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e", + "https://linux.oracle.com/cve/CVE-2023-3090.html", + "https://linux.oracle.com/errata/ELSA-2023-4377.html", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3090", + "https://security.netapp.com/advisory/ntap-20230731-0002/", + "https://ubuntu.com/security/notices/USN-6231-1", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3090", + 
"https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31248", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31248", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free in nft_chain_lookup_byid()", + "Description": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://access.redhat.com/security/cve/CVE-2023-31248", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31248", + 
"https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31248", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/2", + "https://www.zerodayinitiative.com/advisories/ZDI-23-899/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3389", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3389", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer", + "Description": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2023-3389", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389", + "https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663", + "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04", + "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3389", + "https://security.netapp.com/advisory/ntap-20230731-0001/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6249-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" + ], + "PublishedDate": "2023-06-28T20:15:00Z", + "LastModifiedDate": "2023-08-19T18:16:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3390", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in 
batch requests", + "Description": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390", + "https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97", + "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + 
"https://www.cve.org/CVERecord?id=CVE-2023-3390", + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5461" + ], + "PublishedDate": "2023-06-28T21:15:00Z", + "LastModifiedDate": "2023-08-18T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-35001", + "PkgID": "linux-tools-5.15.0-1041-azure@5.15.0-1041.48", + "PkgName": "linux-tools-5.15.0-1041-azure", + "InstalledVersion": "5.15.0-1041.48", + "FixedVersion": "5.15.0-1042.49", + "Layer": {}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-35001", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "stack-out-of-bounds-read in nft_byteorder_eval()", + "Description": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "http://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://access.redhat.com/security/cve/CVE-2023-35001", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-35001", + "https://ubuntu.com/security/notices/USN-6246-1", + "https://ubuntu.com/security/notices/USN-6247-1", + "https://ubuntu.com/security/notices/USN-6248-1", + "https://ubuntu.com/security/notices/USN-6250-1", + "https://ubuntu.com/security/notices/USN-6251-1", + "https://ubuntu.com/security/notices/USN-6252-1", + "https://ubuntu.com/security/notices/USN-6254-1", + "https://ubuntu.com/security/notices/USN-6255-1", + "https://ubuntu.com/security/notices/USN-6260-1", + "https://ubuntu.com/security/notices/USN-6261-1", + "https://ubuntu.com/security/notices/USN-6285-1", + "https://www.cve.org/CVERecord?id=CVE-2023-35001", + "https://www.debian.org/security/2023/dsa-5453", + "https://www.openwall.com/lists/oss-security/2023/07/05/3", + "https://www.zerodayinitiative.com/advisories/ZDI-23-900/" + ], + "PublishedDate": "2023-07-05T19:15:00Z", + "LastModifiedDate": "2023-08-02T17:15:00Z" + } + ] + }, + { + "Target": "home/packer/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-30551", + "PkgName": "github.com/sigstore/rekor", + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.1.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-30551", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Rekor's compressed archives can result in OOM conditions", + "Description": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. 
Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/advisories/GHSA-2h5h-59f5-c5x9", + "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48", + "https://github.com/sigstore/rekor/releases/tag/v1.1.1", + "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9", + "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + ], + "PublishedDate": "2023-05-08T16:15:00Z", + "LastModifiedDate": "2023-05-12T16:27:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.4.43/azure-vnet-ipamv6", + "Class": "lang-pkgs", + "Type": "gobinary", + 
"Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + 
"https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-overlay-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", 
+ "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/azure-vnet-cni-swift-linux-amd64-v1.4.43/azure-vnet-ipam", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, 
sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bandwidth", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/bridge", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/dhcp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": 
"opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/firewall", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-device", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/host-local", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ipvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/loopback", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/macvlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/portmap", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/ptp", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/sbr", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/tuning", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vlan", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "opt/cni/downloads/cni-plugins-linux-amd64-v1.1.1/vrf", + "Class": "lang-pkgs", + "Type": "gobinary" + }, + { + "Target": "usr/local/bin/crictl", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-28840", + "PkgName": "github.com/docker/docker", + "InstalledVersion": "v20.10.17+incompatible", + "FixedVersion": "23.0.3, 20.10.24", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28840", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "Encrypted overlay network may be unauthenticated", + "Description": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. 
Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203", + "CWE-755" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "V3Score": 8.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-28840", + "https://github.com/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", + "https://github.com/moby/moby/issues/43382", + "https://github.com/moby/moby/pull/45118", + "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", + "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", + "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", + "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", + "https://www.cve.org/CVERecord?id=CVE-2023-28840" + ], + "PublishedDate": "2023-04-04T22:15:00Z", + "LastModifiedDate": "2023-04-14T15:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.0.0-20220906165146-f3363e06e74c", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers 
can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/advisories/GHSA-69cg-p879-7622", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:00Z", + "LastModifiedDate": "2022-10-28T12:42:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41721", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.1.1-0.20221104162952-702349b0e862", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41721", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": 
"https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "request smuggling", + "Description": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41721", + "https://github.com/advisories/GHSA-fxg5-wq6x-vr4w", + "https://go.dev/cl/447396", + "https://go.dev/issue/56352", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41721", + "https://pkg.go.dev/vuln/GO-2023-1495", + "https://www.cve.org/CVERecord?id=CVE-2022-41721" + ], + "PublishedDate": "2023-01-13T23:15:00Z", + "LastModifiedDate": "2023-01-24T17:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.0.0-20220722155237-a158d28d115b", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32149", + "PkgName": "golang.org/x/text", + "InstalledVersion": "v0.3.7", + "FixedVersion": "0.3.8", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32149", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "ParseAcceptLanguage takes a long time to parse complex tags", + "Description": "An attacker may cause a denial of service by 
crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-32149", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149", + "https://github.com/advisories/GHSA-69ch-w2m2-3vjp", + "https://github.com/golang/go/issues/56152", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c", + "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)", + "https://go.dev/cl/442235", + "https://go.dev/issue/56152", + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "https://pkg.go.dev/vuln/GO-2022-1059", + "https://ubuntu.com/security/notices/USN-5873-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32149" + ], + "PublishedDate": "2022-10-14T15:15:00Z", + "LastModifiedDate": "2022-10-18T17:41:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A 
flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + 
"Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the 
HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory 
Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": 
"CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", 
+ "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": 
"2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + 
"PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + 
"https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubectl-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.11", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.5", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query 
string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. 
To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + 
"https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.25.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.3", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.0", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "PkgName": "golang.org/x/net", + "InstalledVersion": "v0.3.1-0.20221206200815-1e63c2f08a10", + "FixedVersion": "0.7.0", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:00Z", + "LastModifiedDate": "2023-08-08T14:22:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). 
This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.26.6", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.1", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + 
"https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-27561", + "PkgName": "github.com/opencontainers/runc", + "InstalledVersion": "v1.1.4", + "FixedVersion": "1.1.5", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-12579.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + 
"https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:00Z", + "LastModifiedDate": "2023-08-16T03:15:00Z" + } + ] + }, + { + "Target": "usr/local/bin/kubelet-1.27.3", + "Class": "lang-pkgs", + "Type": "gobinary", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-2253", + "PkgName": "github.com/docker/distribution", + "InstalledVersion": "v2.8.1+incompatible", + "FixedVersion": "2.8.2-beta.1", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2253", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "DoS from malicious API request", + "Description": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-2253", + "https://bugzilla.redhat.com/show_bug.cgi?id=2189886", + "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw", + "https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc", + "https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html", + 
"https://nvd.nist.gov/vuln/detail/CVE-2023-2253", + "https://www.cve.org/CVERecord?id=CVE-2023-2253" + ], + "PublishedDate": "2023-06-06T20:15:00Z", + "LastModifiedDate": "2023-06-29T16:15:00Z" + } + ] + } + ] +} diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0.txt new file mode 100644 index 00000000000..89e63660ab1 --- /dev/null +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/202308.22.0.txt 
@@ -0,0 +1,897 @@ +Starting build on Tue Aug 22 16:25:27 UTC 2023 +Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): + - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 + - [installed] containerd v1.7.1-1 + - crictl version 1.25.0 + - runc version 1.1.7 + - bpftrace v0.9.4 + - nvidia-driver=cuda-525.85.12-sha-e8873b + - bcc-tools + - libbcc-examples +containerd images pre-pulled: + - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.19 + - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.6.3 + - mcr.microsoft.com/oss/kubernetes/pause:3.6 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.10.1 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.8.7 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.3 + - mcr.microsoft.com/oss/kubernetes/coredns:v1.9.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 + - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 + - mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4 + - mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.9 + - mcr.microsoft.com/containernetworking/azure-npm:v1.4.45.1 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.30 + - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 + - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 + - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 + - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e + - 
mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.4-main-08-11-2023-6de2ec55 + - mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2 + - mcr.microsoft.com/oss/calico/cni:v3.24.6 + - mcr.microsoft.com/oss/calico/cni:v3.24.0 + - mcr.microsoft.com/oss/calico/node:v3.24.6 + - mcr.microsoft.com/oss/calico/node:v3.24.0 + - mcr.microsoft.com/oss/calico/typha:v3.24.6 + - mcr.microsoft.com/oss/calico/typha:v3.24.0 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.6 + - mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.6 + - mcr.microsoft.com/oss/calico/kube-controllers:v3.24.0 + - mcr.microsoft.com/oss/cilium/operator-generic:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10 + - mcr.microsoft.com/oss/cilium/cilium:1.12.10-1 + - mcr.microsoft.com/oss/tigera/operator:v1.28.0 + - mcr.microsoft.com/oss/tigera/operator:v1.28.13 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.21 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.12 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.15 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.11 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4 + - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.5 + - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:v1.8.8 + - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.5.0.12 + - mcr.microsoft.com/aks/ip-masq-agent-v2:v0.1.7 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.5-1 + - 
mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 + - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 + - mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 + - mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.13.0 + - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.1.0 + - mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1 + - mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1 + - Azure CNI version 1.5.5 + - Azure CNI version 1.4.43 + - Azure Swift CNI version 1.5.5 + - Azure Swift CNI version 1.4.43 + - Azure Overlay CNI version 1.5.5 + - Azure Overlay CNI version 1.4.43 + - CNI plugin version 1.1.1 + - mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.13.0.7 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.9-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612 + - 
mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.10-hotfix.20230612-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.24.15-1 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.5-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.6-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.25.11 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.0-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.3-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.26.6 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.1-hotfix.20230612 + - mcr.microsoft.com/oss/kubernetes/kube-proxy:v1.27.3 +kubelet/kubectl downloaded: +-rwxr-xr-x 1 root root 50311268 Aug 26 2022 /usr/local/bin/crictl +-rwxr-xr-x 1 root root 116095704 Jun 12 19:26 /usr/local/bin/kubelet-1.24.9 +-rwxr-xr-x 1 root root 45752320 Jun 12 19:26 /usr/local/bin/kubectl-1.24.9 +-rwxr-xr-x 1 root root 116624792 Jun 12 19:26 /usr/local/bin/kubelet-1.24.10 +-rwxr-xr-x 1 root root 46067712 Jun 12 19:26 /usr/local/bin/kubectl-1.24.10 +-rwxr-xr-x 1 root root 106151936 Jun 12 19:37 /usr/local/bin/kubelet-1.27.1 +-rwxr-xr-x 1 root root 49246208 Jun 12 19:37 /usr/local/bin/kubectl-1.27.1 +-rwxr-xr-x 1 root root 121272408 Jun 12 19:42 /usr/local/bin/kubelet-1.26.3 +-rwxr-xr-x 1 root root 48037888 Jun 12 19:42 /usr/local/bin/kubectl-1.26.3 +-rwxr-xr-x 1 root root 114245560 Jun 12 19:43 /usr/local/bin/kubelet-1.25.5 +-rwxr-xr-x 1 root root 45031424 Jun 12 19:43 /usr/local/bin/kubectl-1.25.5 +-rwxr-xr-x 1 root root 121251736 Jun 12 19:43 /usr/local/bin/kubelet-1.26.0 +-rwxr-xr-x 1 root root 48021504 Jun 12 19:43 /usr/local/bin/kubectl-1.26.0 +-rwxr-xr-x 1 root root 114245720 Jun 12 19:47 /usr/local/bin/kubelet-1.25.6 +-rwxr-xr-x 1 root root 45027328 Jun 12 19:47 /usr/local/bin/kubectl-1.25.6 +-rwxr-xr-x 1 root root 117297792 Jun 19 16:48 /usr/local/bin/kubelet-1.24.15 +-rwxr-xr-x 1 root root 46084096 Jun 
19 16:48 /usr/local/bin/kubectl-1.24.15 +-rwxr-xr-x 1 root root 106160128 Jun 19 17:02 /usr/local/bin/kubelet-1.27.3 +-rwxr-xr-x 1 root root 49258496 Jun 19 17:02 /usr/local/bin/kubectl-1.27.3 +-rwxr-xr-x 1 root root 114881728 Jun 19 17:03 /usr/local/bin/kubelet-1.25.11 +-rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 +-rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 +-rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:36 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:36 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:36 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:38 /usr/local/bin/bpftrace +=== Installed Packages Begin +Listing... 
+acr-mirror/now 0.1.0 amd64 [installed,local] +adduser/jammy,now 3.118ubuntu5 all [installed,automatic] +apparmor/jammy-updates,now 3.0.4-2ubuntu2.2 amd64 [installed,automatic] +apt-transport-https/jammy-updates,now 2.4.10 all [installed] +apt-utils/jammy-updates,now 2.4.10 amd64 [installed,automatic] +apt/jammy-updates,now 2.4.10 amd64 [installed,automatic] +attr/jammy,now 1:2.5.1-1build1 amd64 [installed,automatic] +base-files/jammy-updates,now 12ubuntu4.4 amd64 [installed] +base-passwd/jammy,now 3.5.52build1 amd64 [installed] +bash-completion/jammy,now 1:2.11-5ubuntu1 all [installed,automatic] +bash/jammy,now 5.1-6ubuntu1 amd64 [installed] +bc/jammy,now 1.07.1-3build1 amd64 [installed,automatic] +bcache-tools/jammy,now 1.0.8-4ubuntu3 amd64 [installed] +bind9-dnsutils/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 amd64 [installed,automatic] +bind9-host/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 amd64 [installed,automatic] +bind9-libs/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 amd64 [installed,automatic] +binutils-common/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +binutils-x86-64-linux-gnu/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +binutils/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +blobfuse2/jammy,now 2.0.5 amd64 [installed] +bolt/jammy,now 0.9.2-1 amd64 [installed] +bsdextrautils/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +bsdutils/jammy,now 1:2.37.2-4ubuntu3 amd64 [installed] +btrfs-progs/jammy,now 5.16.2-1 amd64 [installed] +build-essential/jammy,now 12.9ubuntu3 amd64 [installed] +busybox-initramfs/jammy,now 1:1.30.1-7ubuntu3 amd64 [installed,automatic] +busybox-static/jammy,now 1:1.30.1-7ubuntu3 amd64 [installed,automatic] +byobu/jammy,now 5.133-1 all [installed] +bzip2/jammy,now 1.0.8-5build1 amd64 [installed,automatic] +ca-certificates/jammy-updates,jammy-security,now 20230311ubuntu0.22.04.1 all 
[installed] +ceph-common/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed] +cgroup-lite/jammy,now 1.15 all [installed] +chrony/jammy,now 4.2-2ubuntu2 amd64 [installed] +cifs-utils/jammy-updates,jammy-security,now 2:6.14-1ubuntu0.1 amd64 [installed] +cloud-guest-utils/jammy,now 0.32-22-g45fe84a5-0ubuntu1 all [installed] +cloud-init/jammy-updates,now 23.2.2-0ubuntu0~22.04.1 all [installed] +cloud-initramfs-copymods/jammy,now 0.47ubuntu1 all [installed] +cloud-initramfs-dyn-netconf/jammy,now 0.47ubuntu1 all [installed] +command-not-found/jammy,now 22.04.0 all [installed,automatic] +conntrack/jammy,now 1:1.4.6-2build2 amd64 [installed] +console-setup-linux/jammy,now 1.205ubuntu3 all [installed,automatic] +console-setup/jammy,now 1.205ubuntu3 all [installed,automatic] +coreutils/jammy,now 8.32-4.1ubuntu1 amd64 [installed,automatic] +cpio/jammy,now 2.13+dfsg-7 amd64 [installed,automatic] +cpp-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +cpp-12/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +cpp/jammy,now 4:11.2.0-1ubuntu1 amd64 [installed,automatic] +cracklib-runtime/jammy,now 2.9.6-3.4build4 amd64 [installed] +cron/jammy,now 3.0pl1-137ubuntu3 amd64 [installed,automatic] +cryptsetup-bin/jammy-updates,now 2:2.4.3-1ubuntu1.1 amd64 [installed,automatic] +cryptsetup-initramfs/jammy-updates,now 2:2.4.3-1ubuntu1.1 all [installed,automatic] +cryptsetup/jammy-updates,now 2:2.4.3-1ubuntu1.1 amd64 [installed,automatic] +curl/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed] +dash/jammy,now 0.5.11+git20210903+057cd650a4ed-3build1 amd64 [installed] +dbus-user-session/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 amd64 [installed,automatic] +dbus/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 amd64 [installed,automatic] +dctrl-tools/jammy,now 2.24-3build2 amd64 [installed,automatic] +debconf-i18n/jammy,now 1.5.79ubuntu1 all [installed,automatic] +debconf/jammy,now 
1.5.79ubuntu1 all [installed,automatic] +debianutils/jammy,now 5.5-1ubuntu2 amd64 [installed,automatic] +diffutils/jammy,now 1:3.8-0ubuntu2 amd64 [installed] +dirmngr/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed] +distro-info-data/jammy-updates,now 0.52ubuntu0.4 all [installed,automatic] +distro-info/jammy-updates,now 1.1ubuntu0.1 amd64 [installed,automatic] +dkms/jammy-updates,now 2.8.7-2ubuntu2.2 all [installed] +dmeventd/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +dmidecode/jammy-updates,now 3.3-3ubuntu0.1 amd64 [installed,automatic] +dmsetup/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +dnsutils/jammy-updates,jammy-security,now 1:9.18.12-0ubuntu0.22.04.2 all [installed] +dosfstools/jammy,now 4.2-1build3 amd64 [installed,automatic] +dpkg-dev/jammy-updates,now 1.21.1ubuntu2.2 all [installed,automatic] +dpkg/jammy-updates,now 1.21.1ubuntu2.2 amd64 [installed,automatic] +e2fsprogs/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +eatmydata/jammy,now 130-2build1 all [installed] +ebtables/jammy,now 2.0.11-4build2 amd64 [installed] +ed/jammy,now 1.18-1 amd64 [installed,automatic] +efibootmgr/jammy,now 17-1ubuntu2 amd64 [installed] +eject/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +ethtool/jammy,now 1:5.16-1 amd64 [installed] +fdisk/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +file/jammy,now 1:5.41-3 amd64 [installed,automatic] +finalrd/jammy,now 9build1 all [installed,automatic] +findutils/jammy,now 4.8.0-1ubuntu3 amd64 [installed] +fonts-ubuntu-console/jammy,now 0.83-6ubuntu1 all [installed] +friendly-recovery/jammy,now 0.2.42 all [installed,automatic] +ftp/jammy,now 20210827-4build1 all [installed,automatic] +fuse3/jammy,now 3.10.5-1build1 amd64 [installed] +fwupd-signed/jammy-updates,now 1.51.1~22.04.1+1.4-0ubuntu0.1 amd64 [installed] +g++-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +g++/jammy,now 4:11.2.0-1ubuntu1 
amd64 [installed,automatic] +gawk/jammy,now 1:5.1.0-1build3 amd64 [installed,automatic] +gcc-11-base/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc-11/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc-12-base/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc-12/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +gcc/jammy,now 4:11.2.0-1ubuntu1 amd64 [installed] +gdisk/jammy,now 1.0.8-4build1 amd64 [installed,automatic] +gettext-base/jammy,now 0.21-4ubuntu4 amd64 [installed,automatic] +gir1.2-glib-2.0/jammy,now 1.72.0-1 amd64 [installed,automatic] +gir1.2-packagekitglib-1.0/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +git-man/jammy-updates,now 1:2.34.1-1ubuntu1.10 all [installed,automatic] +git/jammy-updates,now 1:2.34.1-1ubuntu1.10 amd64 [installed] +glusterfs-client/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed] +glusterfs-common/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +gnupg-l10n/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed,automatic] +gnupg-utils/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gnupg/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed] +gpg-agent/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpg-wks-client/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpg-wks-server/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpg/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpgconf/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpgsm/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +gpgv/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 amd64 [installed,automatic] +grep/jammy,now 
3.7-1build1 amd64 [installed] +groff-base/jammy,now 1.22.4-8build1 amd64 [installed,automatic] +grub-common/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +grub-efi-amd64-bin/jammy-updates,now 2.06-2ubuntu14.1 amd64 [installed] +grub-efi-amd64-signed/jammy-updates,now 1.187.3~22.04.1+2.06-2ubuntu14.1 amd64 [installed] +grub-gfxpayload-lists/jammy,now 0.7 amd64 [installed,automatic] +grub-pc-bin/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +grub-pc/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +grub2-common/jammy-updates,now 2.06-2ubuntu7.2 amd64 [installed,automatic] +gzip/jammy-updates,now 1.10-4ubuntu4.1 amd64 [installed] +hdparm/jammy,now 9.60+ds-1build3 amd64 [installed,automatic] +hostname/jammy,now 3.23ubuntu2 amd64 [installed] +htop/jammy,now 3.0.5-7build2 amd64 [installed] +iftop/jammy,now 1.0~pre4-7 amd64 [installed] +info/jammy,now 6.8-4build1 amd64 [installed,automatic] +init-system-helpers/jammy,now 1.62 all [installed] +init/jammy,now 1.62 amd64 [installed] +initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.4 amd64 [installed,automatic] +initramfs-tools-core/jammy-updates,now 0.140ubuntu13.4 all [installed,automatic] +initramfs-tools/jammy-updates,now 0.140ubuntu13.4 all [installed] +inotify-tools/jammy,now 3.22.1.0-2 amd64 [installed] +install-info/jammy,now 6.8-4build1 amd64 [installed,automatic] +iotop/jammy-updates,now 0.6-24-g733f3f8-1.1ubuntu0.1 amd64 [installed] +iproute2/jammy,now 5.15.0-1ubuntu2 amd64 [installed] +ipset/jammy,now 7.15-1build1 amd64 [installed] +iptables/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed] +iputils-ping/jammy,now 3:20211215-1 amd64 [installed,automatic] +iputils-tracepath/jammy,now 3:20211215-1 amd64 [installed,automatic] +irqbalance/jammy,now 1.8.0-1build1 amd64 [installed,automatic] +isc-dhcp-client/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed,automatic] +isc-dhcp-common/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed,automatic] 
+iso-codes/jammy,now 4.9.0-1 all [installed,automatic] +jq/jammy,now 1.6-2.1ubuntu3 amd64 [installed] +kbd/jammy-updates,now 2.3.0-3ubuntu4.22.04 amd64 [installed,automatic] +keyboard-configuration/jammy,now 1.205ubuntu3 all [installed,automatic] +keyutils/jammy,now 1.6.1-2ubuntu3 amd64 [installed] +klibc-utils/jammy,now 2.0.10-4 amd64 [installed,automatic] +kmod/jammy,now 29-1ubuntu1 amd64 [installed] +kpartx/jammy-updates,jammy-security,now 0.8.8-1ubuntu1.22.04.1 amd64 [installed,automatic] +landscape-common/jammy,now 19.12-0ubuntu13 amd64 [installed] +less/jammy-updates,jammy-security,now 590-1ubuntu0.22.04.1 amd64 [installed,automatic] +libacl1/jammy,now 2.3.1-1 amd64 [installed,automatic] +libaio1/jammy,now 0.3.112-13build1 amd64 [installed,automatic] +libapparmor1/jammy-updates,now 3.0.4-2ubuntu2.2 amd64 [installed,automatic] +libappstream4/jammy,now 0.15.2-2 amd64 [installed,automatic] +libapt-pkg6.0/jammy-updates,now 2.4.10 amd64 [installed,automatic] +libarchive13/jammy,now 3.6.0-1ubuntu1 amd64 [installed] +libargon2-1/jammy,now 0~20171227-0.3 amd64 [installed,automatic] +libasan6/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libasan8/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libassuan0/jammy,now 2.5.5-1build1 amd64 [installed,automatic] +libatasmart4/jammy,now 0.19-5build2 amd64 [installed] +libatm1/jammy,now 1:2.5.1-4build2 amd64 [installed,automatic] +libatomic1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libattr1/jammy,now 1:2.5.1-1build1 amd64 [installed,automatic] +libaudit-common/jammy,now 1:3.0.7-1build1 all [installed,automatic] +libaudit1/jammy,now 1:3.0.7-1build1 amd64 [installed,automatic] +libbabeltrace1/jammy,now 1.5.8-2build1 amd64 [installed,automatic] +libbinutils/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +libblkid1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] 
+libblockdev-crypto2/jammy,now 2.26-1 amd64 [installed] +libblockdev-fs2/jammy,now 2.26-1 amd64 [installed] +libblockdev-loop2/jammy,now 2.26-1 amd64 [installed] +libblockdev-part-err2/jammy,now 2.26-1 amd64 [installed] +libblockdev-part2/jammy,now 2.26-1 amd64 [installed] +libblockdev-swap2/jammy,now 2.26-1 amd64 [installed] +libblockdev-utils2/jammy,now 2.26-1 amd64 [installed] +libblockdev2/jammy,now 2.26-1 amd64 [installed] +libboost-context1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-filesystem1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-iostreams1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-program-options1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libboost-thread1.74.0/jammy,now 1.74.0-14ubuntu3 amd64 [installed,automatic] +libbpf0/jammy-updates,jammy-security,now 1:0.5.0-1ubuntu22.04.1 amd64 [installed,automatic] +libbrotli1/jammy,now 1.0.9-2build6 amd64 [installed,automatic] +libbsd0/jammy,now 0.11.5-1 amd64 [installed,automatic] +libbz2-1.0/jammy,now 1.0.8-5build1 amd64 [installed,automatic] +libc-bin/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libc-dev-bin/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libc6-dev/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libc6/jammy-updates,now 2.35-0ubuntu3.1 amd64 [installed,automatic] +libcap-ng0/jammy,now 0.7.9-2.2build3 amd64 [installed,automatic] +libcap2-bin/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 amd64 [installed,automatic] +libcap2/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 amd64 [installed,automatic] +libcbor0.8/jammy,now 0.8.0-2ubuntu1 amd64 [installed,automatic] +libcc1-0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libcephfs2/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +libcom-err2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] 
+libcrack2/jammy,now 2.9.6-3.4build4 amd64 [installed,automatic] +libcrypt-dev/jammy,now 1:4.4.27-1 amd64 [installed,automatic] +libcrypt1/jammy,now 1:4.4.27-1 amd64 [installed,automatic] +libcryptsetup12/jammy-updates,now 2:2.4.3-1ubuntu1.1 amd64 [installed,automatic] +libctf-nobfd0/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +libctf0/jammy-updates,jammy-security,now 2.38-4ubuntu2.3 amd64 [installed,automatic] +libcurl3-gnutls/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed,automatic] +libcurl4/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed,automatic] +libdaxctl1/jammy,now 72.1-1 amd64 [installed,automatic] +libdb5.3/jammy,now 5.3.28+dfsg1-0.8ubuntu3 amd64 [installed,automatic] +libdbus-1-3/jammy-updates,jammy-security,now 1.12.20-2ubuntu4.1 amd64 [installed,automatic] +libdebconfclient0/jammy,now 0.261ubuntu1 amd64 [installed] +libdevmapper-event1.02.1/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +libdevmapper1.02.1/jammy,now 2:1.02.175-2.1ubuntu4 amd64 [installed,automatic] +libdns-export1110/jammy,now 1:9.11.19+dfsg-2.1ubuntu3 amd64 [installed,automatic] +libdpkg-perl/jammy-updates,now 1.21.1ubuntu2.2 all [installed,automatic] +libdrm-common/jammy-updates,now 2.4.113-2~ubuntu0.22.04.1 all [installed,automatic] +libdrm2/jammy-updates,now 2.4.113-2~ubuntu0.22.04.1 amd64 [installed,automatic] +libdw1/jammy,now 0.186-1build1 amd64 [installed,automatic] +libeatmydata1/jammy,now 130-2build1 amd64 [installed] +libedit2/jammy,now 3.1-20210910-1build1 amd64 [installed,automatic] +libefiboot1/jammy,now 37-6ubuntu2 amd64 [installed] +libefivar1/jammy,now 37-6ubuntu2 amd64 [installed] +libelf1/jammy,now 0.186-1build1 amd64 [installed,automatic] +liberror-perl/jammy,now 0.17029-1 all [installed,automatic] +libestr0/jammy,now 0.1.10-2.1build3 amd64 [installed,automatic] +libevent-core-2.1-7/jammy,now 2.1.12-stable-1build3 amd64 [installed,automatic] 
+libexpat1/jammy-updates,jammy-security,now 2.4.7-1ubuntu0.2 amd64 [installed,automatic] +libext2fs2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +libfastjson4/jammy,now 0.99.9-1build2 amd64 [installed,automatic] +libfdisk1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libffi8/jammy,now 3.4.2-4 amd64 [installed,automatic] +libfido2-1/jammy,now 1.10.0-1 amd64 [installed,automatic] +libflashrom1/jammy,now 1.2-5build1 amd64 [installed] +libfreetype6/jammy-updates,jammy-security,now 2.11.1+dfsg-1ubuntu0.2 amd64 [installed,automatic] +libfribidi0/jammy-updates,jammy-security,now 1.0.8-2ubuntu3.1 amd64 [installed,automatic] +libftdi1-2/jammy,now 1.5-5build3 amd64 [installed] +libfuse3-3/jammy,now 3.10.5-1build1 amd64 [installed,automatic] +libfwupd2/jammy-updates,now 1.7.9-1~22.04.3 amd64 [installed] +libfwupdplugin5/jammy-updates,now 1.7.9-1~22.04.3 amd64 [installed] +libgcab-1.0-0/jammy,now 1.4-3build2 amd64 [installed] +libgcc-11-dev/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgcc-12-dev/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgcc-s1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgcrypt20/jammy,now 1.9.4-3ubuntu3 amd64 [installed,automatic] +libgdbm-compat4/jammy,now 1.23-1 amd64 [installed,automatic] +libgdbm6/jammy,now 1.23-1 amd64 [installed,automatic] +libgfapi0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgfchangelog0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgfrpc0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgfxdr0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgirepository-1.0-1/jammy,now 1.72.0-1 amd64 [installed,automatic] +libglib2.0-0/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 amd64 [installed,automatic] 
+libglib2.0-bin/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 amd64 [installed,automatic] +libglib2.0-data/jammy-updates,jammy-security,now 2.72.4-0ubuntu2.2 all [installed,automatic] +libglusterd0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libglusterfs0/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] +libgmp10/jammy,now 2:6.2.1+dfsg-3ubuntu1 amd64 [installed,automatic] +libgnutls30/jammy-updates,jammy-security,now 3.7.3-4ubuntu1.2 amd64 [installed,automatic] +libgomp1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libgoogle-perftools4/jammy,now 2.9.1-0ubuntu3 amd64 [installed,automatic] +libgpg-error0/jammy,now 1.43-3 amd64 [installed,automatic] +libgpgme11/jammy-updates,now 1.16.0-1.2ubuntu4.1 amd64 [installed] +libgpm2/jammy,now 1.20.7-10build1 amd64 [installed,automatic] +libgssapi-krb5-2/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libgstreamer1.0-0/jammy-updates,now 1.20.3-0ubuntu1 amd64 [installed,automatic] +libgudev-1.0-0/jammy,now 1:237-2build1 amd64 [installed] +libgusb2/jammy,now 0.3.10-1 amd64 [installed] +libhogweed6/jammy,now 3.7.3-1build2 amd64 [installed,automatic] +libibverbs1/jammy,now 39.0-1 amd64 [installed,automatic] +libicu70/jammy,now 70.1-2 amd64 [installed,automatic] +libidn2-0/jammy,now 2.3.2-2build1 amd64 [installed,automatic] +libinih1/jammy,now 53-1ubuntu3 amd64 [installed,automatic] +libinotifytools0/jammy,now 3.22.1.0-2 amd64 [installed,automatic] +libintl-perl/jammy,now 1.26-3build2 all [installed,automatic] +libintl-xs-perl/jammy,now 1.26-3build2 amd64 [installed,automatic] +libip4tc2/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed,automatic] +libip6tc2/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed,automatic] +libipset13/jammy,now 7.15-1build1 amd64 [installed,automatic] +libisc-export1105/jammy,now 1:9.11.19+dfsg-2.1ubuntu3 amd64 [installed,automatic] +libisl23/jammy,now 0.24-2build1 amd64 
[installed,automatic] +libisns0/jammy,now 0.101-0ubuntu2 amd64 [installed,automatic] +libitm1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libjansson4/jammy,now 2.13.1-1.1build3 amd64 [installed,automatic] +libjcat1/jammy,now 0.1.9-1 amd64 [installed] +libjq1/jammy,now 1.6-2.1ubuntu3 amd64 [installed,automatic] +libjson-c5/jammy-updates,now 0.15-3~ubuntu1.22.04.1 amd64 [installed,automatic] +libjson-glib-1.0-0/jammy,now 1.6.6-1build1 amd64 [installed] +libjson-glib-1.0-common/jammy,now 1.6.6-1build1 all [installed] +libk5crypto3/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libkeyutils1/jammy,now 1.6.1-2ubuntu3 amd64 [installed,automatic] +libklibc/jammy,now 2.0.10-4 amd64 [installed,automatic] +libkmod2/jammy,now 29-1ubuntu1 amd64 [installed,automatic] +libkrb5-3/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libkrb5support0/jammy-updates,now 1.19.2-2ubuntu0.2 amd64 [installed,automatic] +libksba8/jammy-updates,jammy-security,now 1.6.0-2ubuntu0.2 amd64 [installed,automatic] +libldap-2.5-0/jammy-updates,now 2.5.16+dfsg-0ubuntu0.22.04.1 amd64 [installed,automatic] +libldap-common/jammy-updates,now 2.5.16+dfsg-0ubuntu0.22.04.1 all [installed,automatic] +liblmdb0/jammy,now 0.9.24-1build2 amd64 [installed,automatic] +liblocale-gettext-perl/jammy,now 1.07-4build3 amd64 [installed,automatic] +liblsan0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +liblua5.3-0/jammy,now 5.3.6-1build1 amd64 [installed,automatic] +liblvm2cmd2.03/jammy,now 2.03.11-2.1ubuntu4 amd64 [installed,automatic] +liblz4-1/jammy,now 1.9.3-2build2 amd64 [installed,automatic] +liblzma5/jammy,now 5.2.5-2ubuntu1 amd64 [installed,automatic] +liblzo2-2/jammy,now 2.10-2build3 amd64 [installed,automatic] +libmagic-mgc/jammy,now 1:5.41-3 amd64 [installed,automatic] +libmagic1/jammy,now 1:5.41-3 amd64 [installed,automatic] +libmaxminddb0/jammy,now 1.5.2-1build2 amd64 [installed,automatic] 
+libmbim-glib4/jammy-updates,now 1.28.0-1~ubuntu20.04.1 amd64 [installed] +libmbim-proxy/jammy-updates,now 1.28.0-1~ubuntu20.04.1 amd64 [installed] +libmd0/jammy,now 1.0.4-1build1 amd64 [installed,automatic] +libmm-glib0/jammy-updates,now 1.20.0-1~ubuntu22.04.2 amd64 [installed] +libmnl0/jammy,now 1.0.4-3build2 amd64 [installed,automatic] +libmodule-find-perl/jammy,now 0.15-1 all [installed,automatic] +libmodule-scandeps-perl/jammy,now 1.31-1 all [installed,automatic] +libmount1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libmpc3/jammy,now 1.2.1-2build1 amd64 [installed,automatic] +libmpdec3/jammy,now 2.5.1-2build2 amd64 [installed,automatic] +libmpfr6/jammy,now 4.1.0-3build3 amd64 [installed,automatic] +libncurses6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed,automatic] +libncursesw6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed,automatic] +libndctl6/jammy,now 72.1-1 amd64 [installed,automatic] +libnetfilter-conntrack3/jammy,now 1.0.9-1 amd64 [installed,automatic] +libnetplan0/jammy-updates,now 0.105-0ubuntu2~22.04.3 amd64 [installed,automatic] +libnettle8/jammy,now 3.7.3-1build2 amd64 [installed,automatic] +libnewt0.52/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] +libnfnetlink0/jammy,now 1.0.1-3build3 amd64 [installed,automatic] +libnfsidmap1/jammy-updates,now 1:2.6.1-1ubuntu1.2 amd64 [installed,automatic] +libnftables1/jammy-updates,now 1.0.2-1ubuntu3 amd64 [installed,automatic] +libnftnl11/jammy,now 1.2.1-1build1 amd64 [installed,automatic] +libnghttp2-14/jammy,now 1.43.0-1build3 amd64 [installed,automatic] +libnl-3-200/jammy,now 3.5.0-0.1 amd64 [installed,automatic] +libnl-genl-3-200/jammy,now 3.5.0-0.1 amd64 [installed,automatic] +libnl-route-3-200/jammy,now 3.5.0-0.1 amd64 [installed,automatic] +libnpth0/jammy,now 1.6-3build2 amd64 [installed,automatic] +libnsl-dev/jammy,now 1.3.0-2build2 amd64 [installed,automatic] +libnsl2/jammy,now 1.3.0-2build2 amd64 [installed,automatic] +libnspr4/jammy,now 
2:4.32-3build1 amd64 [installed] +libnss-systemd/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libnss3/jammy-updates,jammy-security,now 2:3.68.2-0ubuntu1.2 amd64 [installed] +libntfs-3g89/jammy-updates,jammy-security,now 1:2021.8.22-3ubuntu1.2 amd64 [installed,automatic] +libnuma1/jammy,now 2.0.14-3ubuntu2 amd64 [installed,automatic] +liboath0/jammy,now 2.6.7-3build1 amd64 [installed,automatic] +libonig5/jammy,now 6.9.7.1-2build1 amd64 [installed,automatic] +libopeniscsiusr/jammy,now 2.1.5-1ubuntu1 amd64 [installed,automatic] +libp11-kit0/jammy,now 0.24.0-6build1 amd64 [installed,automatic] +libpackagekit-glib2-18/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +libpam-cap/jammy-updates,jammy-security,now 1:2.44-1ubuntu0.22.04.1 amd64 [installed,automatic] +libpam-modules-bin/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 amd64 [installed,automatic] +libpam-modules/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 amd64 [installed,automatic] +libpam-pwquality/jammy,now 1.4.4-1build2 amd64 [installed] +libpam-runtime/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 all [installed,automatic] +libpam-systemd/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libpam0g/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 amd64 [installed,automatic] +libparted-fs-resize0/jammy,now 3.4-2build1 amd64 [installed] +libparted2/jammy,now 3.4-2build1 amd64 [installed,automatic] +libpcap0.8/jammy,now 1.10.1-4build1 amd64 [installed,automatic] +libpci3/jammy,now 1:3.7.0-6 amd64 [installed,automatic] +libpcre2-8-0/jammy-updates,jammy-security,now 10.39-3ubuntu0.1 amd64 [installed,automatic] +libpcre3/jammy-updates,jammy-security,now 2:8.39-13ubuntu0.22.04.1 amd64 [installed,automatic] +libperl5.34/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 amd64 [installed,automatic] +libpipeline1/jammy,now 1.5.5-1 amd64 [installed,automatic] +libplymouth5/jammy,now 0.9.5+git20211018-1ubuntu3 amd64 [installed,automatic] +libpmem1/jammy,now 
1.11.1-3build1 amd64 [installed,automatic] +libpmemobj1/jammy,now 1.11.1-3build1 amd64 [installed,automatic] +libpng16-16/jammy,now 1.6.37-3build5 amd64 [installed,automatic] +libpolkit-agent-1-0/jammy,now 0.105-33 amd64 [installed,automatic] +libpolkit-gobject-1-0/jammy,now 0.105-33 amd64 [installed,automatic] +libpopt0/jammy,now 1.18-3build1 amd64 [installed,automatic] +libproc-processtable-perl/jammy,now 0.634-1build1 amd64 [installed,automatic] +libprocps8/jammy,now 2:3.3.17-6ubuntu2 amd64 [installed,automatic] +libpsl5/jammy,now 0.21.0-1.2build2 amd64 [installed,automatic] +libpwquality-common/jammy,now 1.4.4-1build2 all [installed,automatic] +libpwquality-tools/jammy,now 1.4.4-1build2 amd64 [installed] +libpwquality1/jammy,now 1.4.4-1build2 amd64 [installed,automatic] +libpython3-stdlib/jammy-updates,jammy-security,now 3.10.6-1~22.04 amd64 [installed,automatic] +libpython3.10-minimal/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +libpython3.10-stdlib/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +libpython3.10/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +libqmi-glib5/jammy-updates,now 1.32.0-1ubuntu0.22.04.1 amd64 [installed] +libqmi-proxy/jammy-updates,now 1.32.0-1ubuntu0.22.04.1 amd64 [installed] +libquadmath0/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +librabbitmq4/jammy,now 0.10.0-1ubuntu2 amd64 [installed,automatic] +librados2/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +libradosstriper1/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +librbd1/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +librdmacm1/jammy,now 39.0-1 amd64 [installed,automatic] +libreadline8/jammy,now 8.1.2-1 amd64 [installed,automatic] +librtmp1/jammy,now 2.4+20151223.gitfa8646d.1-2build4 amd64 [installed,automatic] +libsasl2-2/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 amd64 
[installed,automatic] +libsasl2-modules-db/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 amd64 [installed,automatic] +libsasl2-modules/jammy-updates,now 2.1.27+dfsg2-3ubuntu1.2 amd64 [installed,automatic] +libseccomp2/jammy,now 2.5.3-2ubuntu2 amd64 [installed,automatic] +libselinux1/jammy,now 3.3-1build2 amd64 [installed,automatic] +libsemanage-common/jammy,now 3.3-1build2 all [installed,automatic] +libsemanage2/jammy,now 3.3-1build2 amd64 [installed,automatic] +libsensors-config/jammy,now 1:3.6.0-7ubuntu1 all [installed,automatic] +libsensors5/jammy,now 1:3.6.0-7ubuntu1 amd64 [installed,automatic] +libsepol2/jammy,now 3.3-1build1 amd64 [installed,automatic] +libsgutils2-2/jammy,now 1.46-1build1 amd64 [installed,automatic] +libsigsegv2/jammy,now 2.13-1ubuntu3 amd64 [installed,automatic] +libslang2/jammy,now 2.3.2-5build4 amd64 [installed,automatic] +libsmartcols1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libsmbios-c2/jammy,now 2.4.3-1build1 amd64 [installed] +libsnappy1v5/jammy,now 1.1.8-1build3 amd64 [installed,automatic] +libsodium23/jammy,now 1.0.18-1build2 amd64 [installed,automatic] +libsort-naturally-perl/jammy,now 1.03-2 all [installed,automatic] +libsqlite3-0/jammy-updates,jammy-security,now 3.37.2-2ubuntu0.1 amd64 [installed,automatic] +libss2/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +libssh-4/jammy-updates,jammy-security,now 0.9.6-2ubuntu0.22.04.1 amd64 [installed,automatic] +libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.10 amd64 [installed,automatic] +libstdc++-11-dev/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libstdc++6/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libstemmer0d/jammy,now 2.2.0-1build1 amd64 [installed,automatic] +libsysfs2/jammy,now 2.1.1-1build1 amd64 [installed,automatic] +libsystemd0/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libtalloc2/jammy,now 2.3.3-2build1 amd64 [installed] 
+libtasn1-6/jammy,now 4.18.0-4build1 amd64 [installed,automatic] +libtcl8.6/jammy,now 8.6.12+dfsg-1build1 amd64 [installed] +libtcmalloc-minimal4/jammy,now 2.9.1-0ubuntu3 amd64 [installed,automatic] +libterm-readkey-perl/jammy,now 2.38-1build4 amd64 [installed,automatic] +libtevent0/jammy,now 0.11.0-1build1 amd64 [installed] +libtext-charwidth-perl/jammy,now 0.04-10build3 amd64 [installed,automatic] +libtext-iconv-perl/jammy,now 1.7-7build3 amd64 [installed,automatic] +libtext-wrapi18n-perl/jammy,now 0.06-9 all [installed,automatic] +libtinfo6/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed,automatic] +libtirpc-common/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 all [installed,automatic] +libtirpc-dev/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 amd64 [installed,automatic] +libtirpc3/jammy-updates,jammy-security,now 1.3.2-2ubuntu0.1 amd64 [installed,automatic] +libtsan0/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] +libtsan2/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libtss2-esys-3.0.2-0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-mu0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-rc0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-sys1/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-cmd0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-device0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-mssim0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libtss2-tcti-swtpm0/jammy,now 3.2.0-1ubuntu1 amd64 [installed] +libubsan1/jammy-updates,jammy-security,now 12.3.0-1ubuntu1~22.04 amd64 [installed,automatic] +libuchardet0/jammy,now 0.0.7-1build2 amd64 [installed,automatic] +libudev1/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +libudisks2-0/jammy,now 2.9.4-1ubuntu2 amd64 [installed] +libunistring2/jammy,now 1.0-1 amd64 [installed,automatic] +libunwind8/jammy-updates,now 1.3.2-2build2.1 amd64 [installed,automatic] 
+liburcu8/jammy,now 0.13.1-1 amd64 [installed,automatic] +libusb-1.0-0/jammy-updates,now 2:1.0.25-1ubuntu2 amd64 [installed,automatic] +libutempter0/jammy,now 1.2.1-2build2 amd64 [installed,automatic] +libuuid1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +libuv1/jammy,now 1.43.0-1 amd64 [installed,automatic] +libvolume-key1/jammy,now 0.3.12-3.1build3 amd64 [installed] +libwbclient0/jammy-updates,now 2:4.15.13+dfsg-0ubuntu1.3 amd64 [installed] +libwrap0/jammy,now 7.6.q-31build2 amd64 [installed] +libx11-6/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 amd64 [installed,automatic] +libx11-data/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 all [installed,automatic] +libxau6/jammy,now 1:1.0.9-1build5 amd64 [installed,automatic] +libxcb1/jammy,now 1.14-3ubuntu3 amd64 [installed,automatic] +libxdmcp6/jammy,now 1:1.1.3-0ubuntu5 amd64 [installed,automatic] +libxext6/jammy,now 2:1.3.4-1build1 amd64 [installed,automatic] +libxml2/jammy-updates,jammy-security,now 2.9.13+dfsg-1ubuntu0.3 amd64 [installed,automatic] +libxmlb2/jammy,now 0.3.6-2build1 amd64 [installed,automatic] +libxmuu1/jammy,now 2:1.1.3-3 amd64 [installed,automatic] +libxtables12/jammy-updates,now 1.8.7-1ubuntu5.1 amd64 [installed,automatic] +libxxhash0/jammy,now 0.8.1-1 amd64 [installed,automatic] +libyaml-0-2/jammy,now 0.2.2-1build2 amd64 [installed,automatic] +libzstd1/jammy,now 1.4.8+dfsg-3build1 amd64 [installed,automatic] +linux-azure-cloud-tools-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-azure-headers-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 all [installed] +linux-azure-tools-5.15.0-1041/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-base-sgx/jammy,now 4.5ubuntu9 all [installed] +linux-base/jammy,now 4.5ubuntu9 all [installed,automatic] +linux-cloud-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 
amd64 [installed] +linux-cloud-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-cloud-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] +linux-headers-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-headers-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-image-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-image-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-libc-dev/jammy-updates,jammy-security,now 5.15.0-79.86 amd64 [installed,automatic] +linux-modules-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-modules-extra-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] +linux-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] +linux-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] +locales/jammy-updates,now 2.35-0ubuntu3.1 all [installed,automatic] +login/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 amd64 [installed] +logrotate/jammy-updates,jammy-security,now 3.19.0-1ubuntu1.1 amd64 [installed,automatic] +logsave/jammy-updates,jammy-security,now 1.46.5-2ubuntu1.1 amd64 [installed,automatic] +lsb-base/jammy,now 11.1.0ubuntu4 all [installed,automatic] +lsb-release/jammy,now 11.1.0ubuntu4 all [installed,automatic] +lshw/jammy,now 02.19.git.2021.06.19.996aaad9c7-2build1 amd64 [installed,automatic] +lsof/jammy,now 4.93.2+dfsg-1.1build2 amd64 [installed,automatic] +lsscsi/jammy,now 0.31-1build2 amd64 [installed] +lto-disabled-list/jammy,now 24 all [installed,automatic] +lvm2/jammy,now 2.03.11-2.1ubuntu4 amd64 [installed] +lxd-agent-loader/jammy,now 0.5 all [installed] +make/jammy,now 4.3-4.1build1 amd64 [installed] +man-db/jammy,now 
2.10.2-1 amd64 [installed,automatic] +manpages/jammy,now 5.10-1ubuntu1 all [installed,automatic] +mawk/jammy,now 1.3.4.20200120-3 amd64 [installed,automatic] +mdadm/jammy-updates,now 4.2-0ubuntu2 amd64 [installed] +media-types/jammy,now 7.0.0 all [installed,automatic] +moby-containerd/testing,now 1.7.1+azure-ubuntu22.04u1 amd64 [installed,upgradable to: 1.7.2+azure-ubuntu22.04u1] +moby-runc/testing,jammy,now 1.1.7+azure-ubuntu22.04u2 amd64 [installed,upgradable to: 1.1.8+azure-ubuntu22.04u1] +mokutil/jammy-updates,now 0.6.0-2~22.04.1 amd64 [installed] +motd-news-config/jammy-updates,now 12ubuntu4.4 all [installed] +mount/jammy,now 2.37.2-4ubuntu3 amd64 [installed] +mtr-tiny/jammy,now 0.95-1 amd64 [installed,automatic] +multipath-tools/jammy-updates,jammy-security,now 0.8.8-1ubuntu1.22.04.1 amd64 [installed] +nano/jammy,now 6.2-1 amd64 [installed,automatic] +ncurses-base/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 all [installed] +ncurses-bin/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 amd64 [installed] +ncurses-term/jammy-updates,jammy-security,now 6.3-2ubuntu0.1 all [installed] +needrestart/jammy-updates,jammy-security,now 3.5-5ubuntu2.1 all [installed] +netbase/jammy,now 6.3 all [installed,automatic] +netcat-openbsd/jammy,now 1.218-4ubuntu1 amd64 [installed,automatic] +netcat/jammy,now 1.218-4ubuntu1 all [installed] +netplan.io/jammy-updates,now 0.105-0ubuntu2~22.04.3 amd64 [installed,automatic] +networkd-dispatcher/jammy-updates,jammy-security,now 2.1-2ubuntu0.22.04.2 all [installed,automatic] +nfs-common/jammy-updates,now 1:2.6.1-1ubuntu1.2 amd64 [installed] +nftables/jammy-updates,now 1.0.2-1ubuntu3 amd64 [installed] +ntfs-3g/jammy-updates,jammy-security,now 1:2021.8.22-3ubuntu1.2 amd64 [installed,automatic] +nvme-cli/jammy-updates,now 1.16-3ubuntu0.1 amd64 [installed] +open-iscsi/jammy,now 2.1.5-1ubuntu1 amd64 [installed] +openssh-client/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 amd64 [installed,automatic] 
+openssh-server/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 amd64 [installed] +openssh-sftp-server/jammy-updates,jammy-security,now 1:8.9p1-3ubuntu0.3 amd64 [installed] +openssl/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.10 amd64 [installed,automatic] +os-prober/jammy,now 1.79ubuntu2 amd64 [installed,automatic] +overlayroot/jammy,now 0.47ubuntu1 all [installed] +packagekit-tools/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +packagekit/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] +packages-microsoft-prod/jammy,now 1.0-ubuntu22.04.1 all [installed] +parted/jammy,now 3.4-2build1 amd64 [installed,automatic] +passwd/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 amd64 [installed,automatic] +pastebinit/jammy,now 1.5.1-1ubuntu1 all [installed,automatic] +patch/jammy,now 2.7.6-7build2 amd64 [installed] +pci.ids/jammy,now 0.0~2022.01.22-1 all [installed,automatic] +pciutils/jammy,now 1:3.7.0-6 amd64 [installed,automatic] +perl-base/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 amd64 [installed,automatic] +perl-modules-5.34/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 all [installed,automatic] +perl/jammy-updates,jammy-security,now 5.34.0-3ubuntu1.2 amd64 [installed,automatic] +pigz/jammy,now 2.6-1 amd64 [installed] +pinentry-curses/jammy,now 1.1.1-1build2 amd64 [installed,automatic] +pkexec/jammy,now 0.105-33 amd64 [installed,automatic] +plymouth-theme-ubuntu-text/jammy,now 0.9.5+git20211018-1ubuntu3 amd64 [installed,automatic] +plymouth/jammy,now 0.9.5+git20211018-1ubuntu3 amd64 [installed,automatic] +policykit-1/jammy,now 0.105-33 amd64 [installed,automatic] +polkitd/jammy,now 0.105-33 amd64 [installed,automatic] +pollinate/jammy,now 4.33-3ubuntu2 all [installed] +powermgmt-base/jammy,now 1.36 all [installed,automatic] +procps/jammy,now 2:3.3.17-6ubuntu2 amd64 [installed,automatic] +psmisc/jammy,now 23.4-2build3 amd64 [installed,automatic] +publicsuffix/jammy,now 20211207.1025-1 all [installed,automatic] 
+python-apt-common/jammy-updates,now 2.4.0ubuntu2 all [installed,automatic] +python-babel-localedata/jammy,now 2.8.0+dfsg.1-7 all [installed] +python3-apt/jammy-updates,now 2.4.0ubuntu2 amd64 [installed,automatic] +python3-attr/jammy,now 21.2.0-1 all [installed,automatic] +python3-automat/jammy,now 20.2.0-1 all [installed,automatic] +python3-babel/jammy,now 2.8.0+dfsg.1-7 all [installed] +python3-bcrypt/jammy,now 3.2.0-1build1 amd64 [installed,automatic] +python3-blinker/jammy,now 1.4+dfsg1-0.4 all [installed,automatic] +python3-ceph-argparse/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-ceph-common/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 all [installed,automatic] +python3-cephfs/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-certifi/jammy,now 2020.6.20-1 all [installed] +python3-cffi-backend/jammy,now 1.15.0-1build2 amd64 [installed,automatic] +python3-chardet/jammy,now 4.0.0-1 all [installed,automatic] +python3-click/jammy,now 8.0.3-1 all [installed,automatic] +python3-colorama/jammy,now 0.4.4-1 all [installed,automatic] +python3-commandnotfound/jammy,now 22.04.0 all [installed,automatic] +python3-configobj/jammy,now 5.0.6-5 all [installed,automatic] +python3-constantly/jammy,now 15.1.0-2 all [installed,automatic] +python3-cryptography/jammy,now 3.4.8-1ubuntu2 amd64 [installed,automatic] +python3-dbus/jammy,now 1.2.18-3build1 amd64 [installed,automatic] +python3-debconf/jammy,now 1.5.79ubuntu1 all [installed,automatic] +python3-debian/jammy-updates,now 0.1.43ubuntu1.1 all [installed,automatic] +python3-distro-info/jammy-updates,now 1.1ubuntu0.1 all [installed,automatic] +python3-distro/jammy,now 1.7.0-1 all [installed,automatic] +python3-distupgrade/jammy-updates,now 1:22.04.17 all [installed,automatic] +python3-distutils/jammy-updates,jammy-security,now 3.10.8-1~22.04 all [installed] +python3-gdbm/jammy-updates,jammy-security,now 3.10.8-1~22.04 amd64 [installed,automatic] 
+python3-gi/jammy-updates,now 3.42.1-0ubuntu1 amd64 [installed,automatic] +python3-hamcrest/jammy,now 2.0.2-2 all [installed,automatic] +python3-httplib2/jammy,now 0.20.2-2 all [installed,automatic] +python3-hyperlink/jammy,now 21.0.0-3 all [installed,automatic] +python3-idna/jammy,now 3.3-1 all [installed,automatic] +python3-importlib-metadata/jammy,now 4.6.4-1 all [installed,automatic] +python3-incremental/jammy,now 21.3.0-1 all [installed,automatic] +python3-jeepney/jammy,now 0.7.1-3 all [installed,automatic] +python3-jinja2/jammy,now 3.0.3-1 all [installed] +python3-json-pointer/jammy,now 2.0-0ubuntu1 all [installed] +python3-jsonpatch/jammy,now 1.32-2 all [installed] +python3-jsonschema/jammy,now 3.2.0-0ubuntu2 all [installed] +python3-jwt/jammy-updates,jammy-security,now 2.3.0-1ubuntu0.2 all [installed,automatic] +python3-keyring/jammy,now 23.5.0-1 all [installed,automatic] +python3-launchpadlib/jammy,now 1.10.16-1 all [installed,automatic] +python3-lazr.restfulclient/jammy,now 0.14.4-1 all [installed,automatic] +python3-lazr.uri/jammy,now 1.0.6-2 all [installed,automatic] +python3-lib2to3/jammy-updates,jammy-security,now 3.10.8-1~22.04 all [installed] +python3-magic/jammy,now 2:0.4.24-2 all [installed,automatic] +python3-markupsafe/jammy,now 2.0.1-2build1 amd64 [installed] +python3-minimal/jammy-updates,jammy-security,now 3.10.6-1~22.04 amd64 [installed,automatic] +python3-more-itertools/jammy,now 8.10.0-2 all [installed,automatic] +python3-netifaces/jammy,now 0.11.0-1build2 amd64 [installed,automatic] +python3-newt/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] +python3-oauthlib/jammy-updates,jammy-security,now 3.2.0-1ubuntu0.1 all [installed,automatic] +python3-openssl/jammy,now 21.0.0-1 all [installed,automatic] +python3-parted/jammy,now 3.11.7-1build1 amd64 [installed] +python3-pexpect/jammy,now 4.8.0-2ubuntu1 all [installed,automatic] +python3-pkg-resources/jammy-updates,jammy-security,now 59.6.0-1.2ubuntu0.22.04.1 all [installed,automatic] 
+python3-prettytable/jammy,now 2.5.0-2 all [installed,automatic] +python3-ptyprocess/jammy,now 0.7.0-3 all [installed,automatic] +python3-pyasn1-modules/jammy,now 0.2.1-1 all [installed,automatic] +python3-pyasn1/jammy,now 0.4.8-1 all [installed,automatic] +python3-pyparsing/jammy,now 2.4.7-1 all [installed,automatic] +python3-pyrsistent/jammy,now 0.18.1-1build1 amd64 [installed] +python3-rados/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-rbd/jammy-updates,now 17.2.6-0ubuntu0.22.04.1 amd64 [installed,automatic] +python3-requests/jammy-updates,jammy-security,now 2.25.1+dfsg-2ubuntu0.1 all [installed] +python3-secretstorage/jammy,now 3.3.1-1 all [installed,automatic] +python3-serial/jammy,now 3.5-1 all [installed] +python3-service-identity/jammy,now 18.1.0-6 all [installed,automatic] +python3-setuptools/jammy-updates,jammy-security,now 59.6.0-1.2ubuntu0.22.04.1 all [installed] +python3-six/jammy,now 1.16.0-3ubuntu1 all [installed,automatic] +python3-software-properties/jammy-updates,now 0.99.22.7 all [installed,automatic] +python3-twisted/jammy-updates,jammy-security,now 22.1.0-2ubuntu2.3 all [installed,automatic] +python3-tz/jammy-updates,now 2022.1-1ubuntu0.22.04.1 all [installed] +python3-update-manager/jammy-updates,now 1:22.04.10 all [installed,automatic] +python3-urllib3/jammy,now 1.26.5-1~exp1 all [installed] +python3-wadllib/jammy,now 1.3.6-1 all [installed,automatic] +python3-wcwidth/jammy,now 0.2.5+dfsg1-1 all [installed,automatic] +python3-yaml/jammy,now 5.4.1-1ubuntu1 amd64 [installed,automatic] +python3-zipp/jammy,now 1.0.0-3 all [installed,automatic] +python3-zope.interface/jammy,now 5.4.0-1build1 amd64 [installed,automatic] +python3.10-minimal/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +python3.10/jammy-updates,jammy-security,now 3.10.12-1~22.04.2 amd64 [installed,automatic] +python3/jammy-updates,jammy-security,now 3.10.6-1~22.04 amd64 [installed] +readline-common/jammy,now 8.1.2-1 
all [installed,automatic] +rng-tools-debian/jammy,now 2.3 amd64 [installed] +rpcbind/jammy,now 1.2.6-2build1 amd64 [installed,automatic] +rpcsvc-proto/jammy,now 1.4.2-0ubuntu6 amd64 [installed,automatic] +rsync/jammy-updates,jammy-security,now 3.2.7-0ubuntu0.22.04.2 amd64 [installed,automatic] +rsyslog/jammy-updates,jammy-security,now 8.2112.0-2ubuntu2.2 amd64 [installed,automatic] +run-one/jammy,now 1.17-0ubuntu1 all [installed,automatic] +sbsigntool/jammy,now 0.9.4-2ubuntu2 amd64 [installed] +screen/jammy,now 4.9.0-1 amd64 [installed] +secureboot-db/jammy,now 1.8 amd64 [installed] +sed/jammy,now 4.8-1ubuntu2 amd64 [installed,automatic] +sensible-utils/jammy,now 0.0.17 all [installed,automatic] +sg3-utils-udev/jammy,now 1.46-1build1 all [installed,automatic] +sg3-utils/jammy,now 1.46-1build1 amd64 [installed,automatic] +shared-mime-info/jammy,now 2.1-2 amd64 [installed,automatic] +shim-signed/jammy-updates,now 1.51.3+15.7-0ubuntu1 amd64 [installed] +socat/jammy,now 1.7.4.1-3ubuntu4 amd64 [installed] +software-properties-common/jammy-updates,now 0.99.22.7 all [installed] +sosreport/jammy-updates,now 4.5.6-0ubuntu1~22.04.1 amd64 [installed] +ssh-import-id/jammy,now 5.11-0ubuntu1 all [installed] +strace/jammy,now 5.16-0ubuntu3 amd64 [installed,automatic] +sudo/jammy-updates,jammy-security,now 1.9.9-1ubuntu2.4 amd64 [installed,automatic] +sysfsutils/jammy,now 2.1.1-1build1 amd64 [installed] +sysstat/jammy-updates,jammy-security,now 12.5.2-2ubuntu0.2 amd64 [installed] +systemd-hwe-hwdb/jammy-updates,now 249.11.3 all [installed,automatic] +systemd-sysv/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +systemd/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +sysvinit-utils/jammy,now 3.01-1ubuntu1 amd64 [installed] +tar/jammy-updates,jammy-security,now 1.34+dfsg-1ubuntu0.1.22.04.1 amd64 [installed,automatic] +tcl8.6/jammy,now 8.6.12+dfsg-1build1 amd64 [installed] +tcl/jammy,now 8.6.11+1build2 amd64 [installed] +tcpdump/jammy-updates,now 
4.99.1-3ubuntu0.1 amd64 [installed,automatic] +telnet/jammy,now 0.17-44build1 amd64 [installed,automatic] +thin-provisioning-tools/jammy,now 0.9.0-2ubuntu1 amd64 [installed,automatic] +time/jammy,now 1.9-0.1build2 amd64 [installed,automatic] +tmux/jammy-updates,jammy-security,now 3.2a-4ubuntu0.2 amd64 [installed] +tnftp/jammy,now 20210827-4build1 amd64 [installed,automatic] +tpm-udev/jammy,now 0.6 all [installed] +traceroute/jammy,now 1:2.1.0-2 amd64 [installed] +tzdata/jammy-updates,now 2023c-0ubuntu0.22.04.2 all [installed,automatic] +ubuntu-advantage-tools/jammy-updates,now 28.1~22.04 amd64 [installed,automatic] +ubuntu-keyring/jammy,now 2021.03.26 all [installed,automatic] +ubuntu-minimal/jammy-updates,now 1.481.1 amd64 [installed] +ubuntu-release-upgrader-core/jammy-updates,now 1:22.04.17 all [installed,automatic] +ubuntu-standard/jammy-updates,now 1.481.1 amd64 [installed] +ucf/jammy,now 3.0043 all [installed,automatic] +udev/jammy-updates,now 249.11-0ubuntu3.9 amd64 [installed,automatic] +ufw/jammy-updates,now 0.36.1-4ubuntu0.1 all [installed,automatic] +unattended-upgrades/jammy,now 2.8ubuntu1 all [installed] +update-manager-core/jammy-updates,now 1:22.04.10 all [installed,automatic] +update-notifier-common/jammy-updates,now 3.192.54.6 all [installed] +usb-modeswitch-data/jammy,now 20191128-4 all [installed] +usb-modeswitch/jammy,now 2.6.1-3ubuntu2 amd64 [installed] +usb.ids/jammy,now 2022.04.02-1 all [installed,automatic] +usbutils/jammy,now 1:014-1build1 amd64 [installed,automatic] +usrmerge/jammy,now 25ubuntu2 all [installed,automatic] +util-linux/jammy,now 2.37.2-4ubuntu3 amd64 [installed] +uuid-runtime/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] +vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] 
+vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed] +walinuxagent/jammy-updates,now 2.2.46-0ubuntu5.1 amd64 [installed] +wget/jammy,now 1.21.2-2ubuntu1 amd64 [installed,automatic] +whiptail/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] +wireless-regdb/jammy-updates,jammy-security,now 2022.06.06-0ubuntu1~22.04.1 all [installed,automatic] +xauth/jammy,now 1:1.1-1build2 amd64 [installed,automatic] +xdg-user-dirs/jammy,now 0.17-2ubuntu4 amd64 [installed,automatic] +xfsprogs/jammy,now 5.13.0-1ubuntu2 amd64 [installed] +xkb-data/jammy,now 2.33-1 all [installed,automatic] +xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] +xz-utils/jammy,now 5.2.5-2ubuntu1 amd64 [installed] +zip/jammy,now 3.0-12build2 amd64 [installed] +zlib1g/jammy-updates,jammy-security,now 1:1.2.11.dfsg-2ubuntu9.2 amd64 [installed,automatic] +zstd/jammy,now 1.4.8+dfsg-3build1 amd64 [installed,automatic] +=== Installed Packages End +Disk usage: +Filesystem Size Used Avail Use% Mounted on +/dev/root 29G 23G 6.9G 77% / +tmpfs 3.9G 0 3.9G 0% /dev/shm +tmpfs 1.6G 692K 1.6G 1% /run +tmpfs 5.0M 0 5.0M 0% /run/lock +/dev/sda15 105M 6.1M 99M 6% /boot/efi +/dev/sdb1 16G 28K 15G 1% /mnt +tmpfs 794M 0 794M 0% /run/user/1000 +Using kernel: +Linux version 5.15.0-1041-azure (buildd@lcy02-amd64-062) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #48-Ubuntu SMP Tue Jun 20 20:34:08 UTC 2023 +Install completed successfully on Tue Aug 22 17:03:25 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 +Ubuntu version: 22.04 +Hyperv generation: V2 +Feature flags: None +Container runtime: containerd +FIPS enabled: +=== os-release Begin +PRETTY_NAME="Ubuntu 22.04.3 LTS" +NAME="Ubuntu" +VERSION_ID="22.04" +VERSION="22.04.3 LTS (Jammy Jellyfish)" +VERSION_CODENAME=jammy +ID=ubuntu +ID_LIKE=debian +HOME_URL="https://www.ubuntu.com/" 
+SUPPORT_URL="https://help.ubuntu.com/" +BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" +PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" +UBUNTU_CODENAME=jammy +=== os-release End diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-image-list.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-image-list.json index 1254758cc39..60ff84b4c50 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-image-list.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-image-list.json @@ -1,6 +1,6 @@ { "sku": "2204gen2TLcontainerd", - "imageVersion": "202308.16.0", + "imageVersion": "202308.22.0", "imageBom": [ { "id": "sha256:059484fa426da9daa08645d2746974cfe3379e3bbb0723a47d17195fac09e1ce", @@ -56,6 +56,15 @@ "sha256:c6cfe82826f2ed3cd4d21ccbe5fd99e6fa30458e5cf8e8b49c55c51931f9c5ba" ] }, + { + "id": "sha256:19e2c72dbfaa18200aa6cfa45dbeed041693460b067903d97a18ec33279ae361", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2" + ], + "repoDigests": [ + "sha256:de4d1ae822c86a1c6999461730ec52b22f41c377bb35205549bc7bd3590f08d3" + ] + }, { "id": "sha256:1dc532976c518c12a59aa2f17a8cc33abcafccbd583edc1312e5856e72045f70", "repoTags": [ @@ -110,15 +119,6 @@ "sha256:a2902bec94fbcf29d4cdde3b51c2c4ed3c7c301318aaa9fe4a3632f145d49c18" ] }, - { - "id": "sha256:3bf9dd41de0023d00d0e36851f2a1b445275605321046187c6587c96d36e5d30", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2" - ], - "repoDigests": [ - "sha256:e32392e0efbe218c16a926b04a575443c53e23dfcc4a998368d7a1d13bd4ba6f" - ] - }, { "id": "sha256:3d306f9430b4858d14ec5a6cf2ea7e778d93774598655f8bd9f198119c5fd033", "repoTags": [ 
@@ -146,6 +146,15 @@ "sha256:ea637368cc11970e1c19d2107f325b52bbda113764f6dc0c60dde23a610fe06d" ] }, + { + "id": "sha256:4456c40567301298b65a9a9ba86c3259ba902020f3399085c8d940f811901fd5", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5" + ], + "repoDigests": [ + "sha256:64e04750f83e7ecc0eefcdd08355b2621639d89d91c9066355bd913df363eb01" + ] + }, { "id": "sha256:459c5c4b90dbc897848165078104c80880148f1aaf17a25c9b9d18b3945076d3", "repoTags": [ @@ -443,15 +452,6 @@ "sha256:01a5157f1c4b46b39e897437b79c8b80477de71a69f7e0ed132d2d268d6fbcb8" ] }, - { - "id": "sha256:9d4b6033796e78942f75559768e180021cdce00746a74290dbb0427f7673ca92", - "repoTags": [ - "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11" - ], - "repoDigests": [ - "sha256:e1568171272f7e1271cf41f9e7c82cb5dccf29a6d515de242f724b11edfdf7c6" - ] - }, { "id": "sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e", "repoTags": [ @@ -552,6 +552,15 @@ "sha256:62bf6716a34c050e656d758ec4faf078fbfc9852d6defe5f3e60f7ac4bdc8e45" ] }, + { + "id": "sha256:b50b83cbf362da61639ae400f472b225fa01aac0818a0c0f35048f895557cf2c", + "repoTags": [ + "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12" + ], + "repoDigests": [ + "sha256:7d3baae1e8ffa363090acf1d6374140c22808de292f135ad769187337e70d6c6" + ] + }, { "id": "sha256:b800f24704acbcc57ff86ecd4505d2698a0cc2a7805a62f261d191fd1f8fdf1c", "repoTags": [ @@ -633,6 +642,15 @@ "sha256:3b9f6cea69c2fc2b8dd8ff3c0e74def2427ba6088ff02077e199816c110eb210" ] }, + { + "id": "sha256:c83a7fed1468a9f31808ad1c085ef834be1ba0419c773133e9c1f49d3541190c", + "repoTags": [ + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6" + ], + "repoDigests": [ + "sha256:62a21629c8fa7f7eac2cd9cc9ff60c90f1b3eb65b18ed88142b8f6649a6d19a2" + ] + }, { "id": "sha256:cc58d4aafe5bb3b871ace9d630d6adf19849a104c184d65efdb113646aa35ff7", "repoTags": [ 
@@ -723,15 +741,6 @@ "sha256:9bc43937f68018b447cb87ff2020e8ea7b1b9db3b444a1224f3fcef6c3f8bdaf" ] }, - { - "id": "sha256:eaecc356e4fd34cf288b4bfdb3c63378b2db081b043a439d8b851cb61f448f3e", - "repoTags": [ - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4" - ], - "repoDigests": [ - "sha256:7c943abf4675728b0b528f675ad9a5d850a1ebc45ac87f3039df031c56b8a34e" - ] - }, { "id": "sha256:ecd484af32d7197ba0f9c55dc4ad01bf260e46ada9823ac0449f7edc8193c72b", "repoTags": [ diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-trivy-images-table.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-trivy-images-table.txt index 46520a27395..4cc91fdb5fb 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-trivy-images-table.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-trivy-images-table.txt 
@@ -265,41 +265,27 @@ Total: 5 (HIGH: 5, CRITICAL: 0) │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41723 │ └────────────────────────────────────┴────────────────┴──────────┴────────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ -mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 (cbl-mariner 2.0.20230630) +mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 (cbl-mariner 2.0.20230805) ========================================================================================= Total: 0 (HIGH: 0, CRITICAL: 0) -opt/telegraf (gobinary) -======================= -Total: 4 (HIGH: 4, CRITICAL: 0) - -┌────────────────────────────────────┬────────────────┬──────────┬──────────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────────────────────────┼────────────────┼──────────┼──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/distribution │ CVE-2023-2253 │ HIGH │ v2.8.1+incompatible │ 2.8.2-beta.1 │ DoS from malicious API request │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2253 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/docker/docker │ CVE-2023-28840 │ │ v23.0.0+incompatible │ 23.0.3, 20.10.24 │ Encrypted overlay network may be unauthenticated │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28840 │ -├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/opencontainers/runc │ CVE-2023-27561 │ │ v1.1.4 │ 1.1.5 │ volume mount race condition (regression of CVE-2019-19921) │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27561 │ 
-├────────────────────────────────────┼────────────────┤ ├──────────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ github.com/snowflakedb/gosnowflake │ CVE-2023-34231 │ │ v1.6.13 │ 1.6.19 │ Snowflake Golang Driver vulnerable to Command Injection │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-34231 │ -└────────────────────────────────────┴────────────────┴──────────┴──────────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ - mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.3 (cbl-mariner 2.0.20230621) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ 
├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -314,14 +300,20 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.4.44.4 (cbl-mariner 2.0.20230630) ==================================================================================== -Total: 1 (HIGH: 1, CRITICAL: 0) +Total: 3 (HIGH: 3, CRITICAL: 0) -┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤ -│ nghttp2 │ CVE-2023-35945 │ HIGH │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ -└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘ +┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├───────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├───────────┼────────────────┤ ├───────────────────┼───────────────┼────────────────────────────────────────────────┤ +│ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35945 │ +└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────┘ usr/local/bin/azure-cns (gobinary) ================================== 
@@ -336,12 +328,18 @@ Total: 1 (HIGH: 1, CRITICAL: 0) mcr.microsoft.com/containernetworking/azure-cns:v1.5.5 (cbl-mariner 2.0.20230609) ================================================================================= -Total: 4 (HIGH: 4, CRITICAL: 0) +Total: 6 (HIGH: 6, CRITICAL: 0) ┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤ -│ libcap │ CVE-2023-2603 │ HIGH │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ +│ curl │ CVE-2023-28319 │ HIGH │ 8.0.1-2.cm2 │ 8.2.1-1.cm2 │ use after free in SSH sha256 fingerprint check │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-28319 │ +├──────────────┤ │ │ │ │ │ +│ curl-libs │ │ │ │ │ │ +│ │ │ │ │ │ │ +├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ +│ libcap │ CVE-2023-2603 │ │ 2.60-1.cm2 │ 2.60-2.cm2 │ Integer Overflow in _libcap_strdup() │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2603 │ ├──────────────┼────────────────┤ ├───────────────────┼───────────────┼───────────────────────────────────────────────────┤ │ nghttp2 │ CVE-2023-35945 │ │ 1.46.0-2.cm2 │ 1.46.0-3.cm2 │ HTTP/2 memory leak in nghttp2 codec │ 
@@ -533,22 +531,22 @@ mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 (alpine 3.15.1) -============================================================================ +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) -mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 (alpine 3.15.1) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 (alpine 3.15.1) ========================================================================== Total: 0 (HIGH: 0, CRITICAL: 0) 
@@ -558,152 +556,529 @@ mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 (alpine 3.15.1) Total: 0 (HIGH: 0, CRITICAL: 0) +mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 (alpine 3.15.1) +========================================================================== +Total: 0 (HIGH: 0, CRITICAL: 0) + + mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 (debian 11.7) =================================================================== -Total: 12 (HIGH: 12, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-0386 │ │ 5.10.178-3 │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ -│ │ │ │ │ │ can lead to privilege escalation... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├──────────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼────────────────────────────────────────────────────────────┤ -│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ -│ │ │ │ │ │ X509 policy constraints... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ -└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴────────────────────────────────────────────────────────────┘ +Total: 29 (HIGH: 29, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ libssl1.1 │ CVE-2023-0464 │ HIGH │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ │ 5.10.178-3 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-0386 │ │ │ 5.10.179-1 │ FUSE filesystem low-privileged user privileges escalation │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0386 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ 5.10.191-1 │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31436 │ │ │ 5.10.179-1 │ out-of-bounds write in qfq_change_class function │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31436 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-32233 │ │ │ │ use-after-free in nf_tables when processing batch requests │ +│ │ │ │ │ │ can lead to privilege escalation... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-32233 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├──────────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +├────────────────┼────────────────┤ ├───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤ +│ openssl │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ 1.1.1n-0+deb11u5 │ Denial of service by excessive resource usage in verifying │ +│ │ │ │ │ │ X509 policy constraints... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2650 │ │ │ │ Possible DoS translating ASN.1 object identifiers │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2650 │ +└────────────────┴────────────────┴──────────┴───────────────────┴──────────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - -┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... 
│ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1 (debian 11.7) =================================================================== -Total: 5 (HIGH: 5, CRITICAL: 0) - -┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-2156 │ HIGH │ 5.10.179-1 │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ -│ ├────────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-31248 │ │ │ │ use-after-free in nft_chain_lookup_byid() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-31248 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ 
│ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ -│ ├────────────────┤ │ ├───────────────┼────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 22 (HIGH: 22, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-1 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2156 │ │ │ 5.10.179-2 │ IPv6 RPL protocol reachable assertion leads to DoS │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2156 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ 5.10.191-1 │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-31248 │ │ │ 5.10.179-2 │ use-after-free in nft_chain_lookup_byid() │ +│ │ │ │ │ │ 
https://avd.aquasec.com/nvd/cve-2023-31248 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ 5.10.191-1 │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35001 │ │ │ 5.10.179-2 │ stack-out-of-bounds-read in nft_byteorder_eval() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35001 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ 
├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.1-1 (debian 11.7) ===================================================================== -Total: 2 (HIGH: 2, CRITICAL: 0) - 
-┌────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤ -│ linux-libc-dev │ CVE-2023-3390 │ HIGH │ 5.10.179-2 │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ -│ │ │ │ │ │ handling named and anonymous sets... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ -│ ├───────────────┤ │ │ ├────────────────────────────────────────────────────────────┤ -│ │ CVE-2023-3610 │ │ │ │ fix chain binding transaction logic in the abort path of │ -│ │ │ │ │ │ NFT_MSG_NEWRULE │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ -└────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘ +Total: 19 (HIGH: 19, CRITICAL: 0) + +┌────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ +├────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ linux-libc-dev │ CVE-2022-39189 │ HIGH │ 5.10.179-2 │ 5.10.191-1 │ TLB flush operations are mishandled in certain │ +│ │ │ │ │ │ KVM_VCPU_PREEMPTED leading to guest malfunctioning... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-39189 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-1380 │ │ │ │ a USB-accessible slab-out-of-bounds read in brcmfmac │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1380 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2007 │ │ │ │ DPT I2O controller TOCTOU information disclosure │ +│ │ │ │ │ │ vulnerability │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2007 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-2124 │ │ │ │ OOB access in the Linux kernel's XFS subsystem │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2124 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-21255 │ │ │ │ In multiple functions of binder.c, there is a possible │ +│ │ │ │ │ │ memory corrupti ...... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-21255 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3090 │ │ │ │ out-of-bounds write caused by unclear skb->cb │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3090 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3111 │ │ │ │ Use after free in prepare_to_relocate in │ +│ │ │ │ │ │ fs/btrfs/relocation.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3111 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3268 │ │ │ │ out-of-bounds access in relay_file_read │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3268 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3389 │ │ │ │ Racing a io_uring cancel poll request with a linked timeout │ +│ │ │ │ │ │ can cause... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3389 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3390 │ │ │ 5.10.179-3 │ UAF in nftables when nft_set_lookup_global triggered after │ +│ │ │ │ │ │ handling named and anonymous sets... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3390 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-35788 │ │ │ 5.10.191-1 │ out-of-bounds write in fl_set_geneve_opt() │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-35788 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3609 │ │ │ │ cls_u32 component reference counter leak if │ +│ │ │ │ │ │ tcf_change_indev() fails │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3609 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3610 │ │ │ 5.10.179-3 │ fix chain binding transaction logic in the abort path of │ +│ │ │ │ │ │ NFT_MSG_NEWRULE │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3610 │ +│ ├────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3611 │ │ │ 5.10.191-1 │ sch_qfq component can be exploited if in qfq_change_agg │ +│ │ │ │ │ │ function happens qfq_enqueue overhead... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3611 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-3776 │ │ │ │ cls_fw component can be exploited as result of failure in │ +│ │ │ │ │ │ tcf_change_indev function... │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-3776 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4004 │ │ │ │ improper element removal in function nft_pipapo_remove when │ +│ │ │ │ │ │ insert an element without a... 
│ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4004 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-40283 │ │ │ │ use-after-free in l2cap_sock_release in │ +│ │ │ │ │ │ net/bluetooth/l2cap_sock.c │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40283 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4128 │ │ │ │ cls_fw, cls_u32 and cls_route │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4128 │ +│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────────┤ +│ │ CVE-2023-4147 │ │ │ │ nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID │ +│ │ │ │ │ │ leads to use-after-free │ +│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-4147 │ +└────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘ mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 (debian 11.6) =================================================================================== diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-trivy-report.json b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-trivy-report.json index 3d210bb6d46..d9d05a257c2 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-trivy-report.json +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest-trivy-report.json @@ -1,6 +1,6 @@ { "SchemaVersion": 2, - "ArtifactName": "pkrvmjkwr14lv9n", + "ArtifactName": "pkrvm83vlu31vim", "ArtifactType": "filesystem", "Metadata": { "OS": { @@ -20,7 +20,7 @@ }, "Results": [ { - "Target": "pkrvmjkwr14lv9n (ubuntu 22.04)", + "Target": "pkrvm83vlu31vim (ubuntu 22.04)", "Class": "os-pkgs", "Type": "ubuntu", "Vulnerabilities": [ 
@@ -82,10 +82,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -190,10 +191,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -235,6 +237,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -249,7 +252,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -368,10 +371,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -476,10 +480,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -521,6 +526,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -535,7 +541,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -654,10 +660,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -762,10 +769,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -807,6 +815,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -821,7 +830,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -940,10 +949,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1048,10 +1058,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1093,6 +1104,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1107,7 +1119,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1226,10 +1238,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1334,10 +1347,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1379,6 +1393,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1393,7 +1408,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1512,10 +1527,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1620,10 +1636,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1665,6 +1682,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1679,7 +1697,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -1798,10 +1816,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -1906,10 +1925,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -1951,6 +1971,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -1965,7 +1986,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -2084,10 +2105,11 @@ "https://ubuntu.com/security/notices/USN-6260-1", "https://ubuntu.com/security/notices/USN-6261-1", "https://www.cve.org/CVERecord?id=CVE-2023-3090", - "https://www.debian.org/security/2023/dsa-5448" + "https://www.debian.org/security/2023/dsa-5448", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-31248", @@ -2192,10 +2214,11 @@ "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6255-1", "https://ubuntu.com/security/notices/USN-6260-1", - "https://www.cve.org/CVERecord?id=CVE-2023-3389" + "https://www.cve.org/CVERecord?id=CVE-2023-3389", + "https://www.debian.org/security/2023/dsa-5480" ], "PublishedDate": "2023-06-28T20:15:00Z", - "LastModifiedDate": "2023-07-31T19:15:00Z" + "LastModifiedDate": "2023-08-19T18:16:00Z" }, { "VulnerabilityID": "CVE-2023-3390", @@ -2237,6 +2260,7 @@ "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3390", + "https://security.netapp.com/advisory/ntap-20230818-0004/", "https://ubuntu.com/security/notices/USN-6246-1", "https://ubuntu.com/security/notices/USN-6250-1", "https://ubuntu.com/security/notices/USN-6251-1", @@ -2251,7 +2275,7 @@ "https://www.debian.org/security/2023/dsa-5461" ], "PublishedDate": "2023-06-28T21:15:00Z", - "LastModifiedDate": "2023-08-02T17:15:00Z" + "LastModifiedDate": "2023-08-18T14:15:00Z" }, { "VulnerabilityID": "CVE-2023-35001", 
@@ -3893,7 +3917,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -3902,7 +3928,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4052,7 +4078,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4061,7 +4089,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4211,7 +4239,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4220,7 +4250,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" }, { "VulnerabilityID": "CVE-2022-41723", 
@@ -4370,7 +4400,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4379,7 +4411,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, 
@@ -4532,7 +4564,9 @@ "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-12579.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", @@ -4541,7 +4575,7 @@ "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:00Z", - "LastModifiedDate": "2023-04-21T04:15:00Z" + "LastModifiedDate": "2023-08-16T03:15:00Z" } ] }, diff --git a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest.txt b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest.txt index 80c8afdcb90..89e63660ab1 100644 --- a/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest.txt +++ b/vhdbuilder/release-notes/AKSUbuntu/gen2/2204tlcontainerd/latest.txt @@ -1,4 +1,4 @@ -Starting build on Wed Aug 16 17:08:55 UTC 2023 +Starting build on Tue Aug 22 16:25:27 UTC 2023 Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed): - containerd-wasm-shims v0.3.0 v0.5.1 v0.8.0 - [installed] containerd v1.7.1-1 
@@ -26,7 +26,7 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes/apiserver-network-proxy/agent:v0.0.33-hotfix.20221110 - mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.3.4 - mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1 - - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.11 + - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:3.1.12 - mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-06-26-2023-6ee07896 - mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.7.2-main-07-28-2023-0efd3e4e @@ -65,11 +65,12 @@ containerd images pre-pulled: - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.6 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.1 - mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.2 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.4 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.5 - - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.3-2 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.24.6 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.4 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.26.5 - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.1 + - mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.2 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.19.5-3 - mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.21.4 
@@ -130,24 +131,24 @@ kubelet/kubectl downloaded: -rwxr-xr-x 1 root root 45047808 Jun 19 17:03 /usr/local/bin/kubectl-1.25.11 -rwxr-xr-x 1 root root 121900256 Jun 19 17:04 /usr/local/bin/kubelet-1.26.6 -rwxr-xr-x 1 root root 48046080 Jun 19 17:04 /usr/local/bin/kubectl-1.26.6 --r-xr--r-- 1 root root 2462 Aug 16 17:08 /usr/local/bin/health-monitor.sh --rwxr-xr-x 1 root root 705 Aug 16 17:08 /usr/local/bin/ci-syslog-watcher.sh --rwxr-xr-x 1 root root 36014944 Aug 16 17:14 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 --rwxr-xr-x 1 root root 47622592 Aug 16 17:14 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 --rwxr-xr-x 1 root root 45334640 Aug 16 17:16 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 --rwxr-xr-x 1 root root 52232184 Aug 16 17:16 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 --rwxr-xr-x 1 root root 53775024 Aug 16 17:19 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 --rwxr-xr-x 1 root root 60175432 Aug 16 17:19 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 --rwxr-xr-x 1 root root 39369104 Aug 16 17:19 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 --rwxr-xr-x 1 root root 35384960 Aug 16 17:20 /usr/local/bin/bpftrace +-r-xr--r-- 1 root root 2462 Aug 22 16:25 /usr/local/bin/health-monitor.sh +-rwxr-xr-x 1 root root 705 Aug 22 16:25 /usr/local/bin/ci-syslog-watcher.sh +-rwxr-xr-x 1 root root 36014944 Aug 22 16:31 /usr/local/bin/containerd-shim-spin-v0-3-0-v1 +-rwxr-xr-x 1 root root 47622592 Aug 22 16:31 /usr/local/bin/containerd-shim-slight-v0-3-0-v1 +-rwxr-xr-x 1 root root 45334640 Aug 22 16:34 /usr/local/bin/containerd-shim-spin-v0-5-1-v1 +-rwxr-xr-x 1 root root 52232184 Aug 22 16:34 /usr/local/bin/containerd-shim-slight-v0-5-1-v1 +-rwxr-xr-x 1 root root 53775024 Aug 22 16:36 /usr/local/bin/containerd-shim-spin-v0-8-0-v1 +-rwxr-xr-x 1 root root 60175432 Aug 22 16:36 /usr/local/bin/containerd-shim-slight-v0-8-0-v1 +-rwxr-xr-x 1 root root 39369104 Aug 22 16:36 /usr/local/bin/containerd-shim-wws-v0-8-0-v1 +-rwxr-xr-x 1 root root 35384960 Aug 22 16:38 
/usr/local/bin/bpftrace === Installed Packages Begin Listing... acr-mirror/now 0.1.0 amd64 [installed,local] adduser/jammy,now 3.118ubuntu5 all [installed,automatic] apparmor/jammy-updates,now 3.0.4-2ubuntu2.2 amd64 [installed,automatic] apt-transport-https/jammy-updates,now 2.4.10 all [installed] -apt-utils/now 2.4.9 amd64 [installed,upgradable to: 2.4.10] -apt/now 2.4.9 amd64 [installed,upgradable to: 2.4.10] +apt-utils/jammy-updates,now 2.4.10 amd64 [installed,automatic] +apt/jammy-updates,now 2.4.10 amd64 [installed,automatic] attr/jammy,now 1:2.5.1-1build1 amd64 [installed,automatic] base-files/jammy-updates,now 12ubuntu4.4 amd64 [installed] base-passwd/jammy,now 3.5.52build1 amd64 [installed] @@ -242,8 +243,8 @@ gdisk/jammy,now 1.0.8-4build1 amd64 [installed,automatic] gettext-base/jammy,now 0.21-4ubuntu4 amd64 [installed,automatic] gir1.2-glib-2.0/jammy,now 1.72.0-1 amd64 [installed,automatic] gir1.2-packagekitglib-1.0/jammy,now 1.2.5-2ubuntu2 amd64 [installed,automatic] -git-man/jammy-updates,jammy-security,now 1:2.34.1-1ubuntu1.9 all [installed,automatic] -git/jammy-updates,jammy-security,now 1:2.34.1-1ubuntu1.9 amd64 [installed] +git-man/jammy-updates,now 1:2.34.1-1ubuntu1.10 all [installed,automatic] +git/jammy-updates,now 1:2.34.1-1ubuntu1.10 amd64 [installed] glusterfs-client/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed] glusterfs-common/jammy-updates,jammy-security,now 10.1-1ubuntu0.1 amd64 [installed,automatic] gnupg-l10n/jammy-updates,jammy-security,now 2.2.27-3ubuntu2.1 all [installed,automatic] 
@@ -273,9 +274,9 @@ iftop/jammy,now 1.0~pre4-7 amd64 [installed] info/jammy,now 6.8-4build1 amd64 [installed,automatic] init-system-helpers/jammy,now 1.62 all [installed] init/jammy,now 1.62 amd64 [installed] -initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.2 amd64 [installed,automatic] -initramfs-tools-core/jammy-updates,now 0.140ubuntu13.2 all [installed,automatic] -initramfs-tools/jammy-updates,now 0.140ubuntu13.2 all [installed] +initramfs-tools-bin/jammy-updates,now 0.140ubuntu13.4 amd64 [installed,automatic] +initramfs-tools-core/jammy-updates,now 0.140ubuntu13.4 all [installed,automatic] +initramfs-tools/jammy-updates,now 0.140ubuntu13.4 all [installed] inotify-tools/jammy,now 3.22.1.0-2 amd64 [installed] install-info/jammy,now 6.8-4build1 amd64 [installed,automatic] iotop/jammy-updates,now 0.6-24-g733f3f8-1.1ubuntu0.1 amd64 [installed] @@ -301,7 +302,7 @@ libacl1/jammy,now 2.3.1-1 amd64 [installed,automatic] libaio1/jammy,now 0.3.112-13build1 amd64 [installed,automatic] libapparmor1/jammy-updates,now 3.0.4-2ubuntu2.2 amd64 [installed,automatic] libappstream4/jammy,now 0.15.2-2 amd64 [installed,automatic] -libapt-pkg6.0/now 2.4.9 amd64 [installed,upgradable to: 2.4.10] +libapt-pkg6.0/jammy-updates,now 2.4.10 amd64 [installed,automatic] libarchive13/jammy,now 3.6.0-1ubuntu1 amd64 [installed] libargon2-1/jammy,now 0~20171227-0.3 amd64 [installed,automatic] libasan6/jammy-updates,jammy-security,now 11.4.0-1ubuntu1~22.04 amd64 [installed,automatic] 
@@ -596,7 +597,7 @@ libutempter0/jammy,now 1.2.1-2build2 amd64 [installed,automatic] libuuid1/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] libuv1/jammy,now 1.43.0-1 amd64 [installed,automatic] libvolume-key1/jammy,now 0.3.12-3.1build3 amd64 [installed] -libwbclient0/jammy-security,now 2:4.15.13+dfsg-0ubuntu1.2 amd64 [installed,upgradable to: 2:4.15.13+dfsg-0ubuntu1.3] +libwbclient0/jammy-updates,now 2:4.15.13+dfsg-0ubuntu1.3 amd64 [installed] libwrap0/jammy,now 7.6.q-31build2 amd64 [installed] libx11-6/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 amd64 [installed,automatic] libx11-data/jammy-updates,jammy-security,now 2:1.7.5-1ubuntu0.2 all [installed,automatic] 
@@ -619,17 +620,17 @@ linux-base-sgx/jammy,now 4.5ubuntu9 all [installed] linux-base/jammy,now 4.5ubuntu9 all [installed,automatic] linux-cloud-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-cloud-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] -linux-cloud-tools-common/jammy-updates,now 5.15.0-79.86 all [installed] +linux-cloud-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] linux-headers-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-headers-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] linux-image-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-image-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] -linux-libc-dev/jammy-updates,now 5.15.0-79.86 amd64 [installed,automatic] +linux-libc-dev/jammy-updates,jammy-security,now 5.15.0-79.86 amd64 [installed,automatic] linux-modules-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-modules-extra-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-tools-5.15.0-1041-azure/jammy-updates,jammy-security,now 5.15.0-1041.48 amd64 [installed] linux-tools-azure/jammy-updates,jammy-security,now 5.15.0.1041.37 amd64 [installed] -linux-tools-common/jammy-updates,now 5.15.0-79.86 all [installed] +linux-tools-common/jammy-updates,jammy-security,now 5.15.0-79.86 all [installed] locales/jammy-updates,now 2.35-0ubuntu3.1 all [installed,automatic] login/jammy-updates,jammy-security,now 1:4.8.1-2ubuntu2.1 amd64 [installed] logrotate/jammy-updates,jammy-security,now 3.19.0-1ubuntu1.1 amd64 [installed,automatic] 
@@ -802,7 +803,7 @@ shared-mime-info/jammy,now 2.1-2 amd64 [installed,automatic] shim-signed/jammy-updates,now 1.51.3+15.7-0ubuntu1 amd64 [installed] socat/jammy,now 1.7.4.1-3ubuntu4 amd64 [installed] software-properties-common/jammy-updates,now 0.99.22.7 all [installed] -sosreport/jammy-updates,now 4.4-1ubuntu1.22.04.1 amd64 [installed] +sosreport/jammy-updates,now 4.5.6-0ubuntu1~22.04.1 amd64 [installed] ssh-import-id/jammy,now 5.11-0ubuntu1 all [installed] strace/jammy,now 5.16-0ubuntu3 amd64 [installed,automatic] sudo/jammy-updates,jammy-security,now 1.9.9-1ubuntu2.4 amd64 [installed,automatic] @@ -842,10 +843,10 @@ usbutils/jammy,now 1:014-1build1 amd64 [installed,automatic] usrmerge/jammy,now 25ubuntu2 all [installed,automatic] util-linux/jammy,now 2.37.2-4ubuntu3 amd64 [installed] uuid-runtime/jammy,now 2.37.2-4ubuntu3 amd64 [installed,automatic] -vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 all [installed,automatic] -vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 all [installed,automatic] -vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 amd64 [installed,automatic] -vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 amd64 [installed] +vim-common/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-runtime/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 all [installed,automatic] +vim-tiny/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] +vim/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed] walinuxagent/jammy-updates,now 2.2.46-0ubuntu5.1 amd64 [installed] wget/jammy,now 1.21.2-2ubuntu1 amd64 [installed,automatic] whiptail/jammy,now 0.52.21-5ubuntu2 amd64 [installed,automatic] 
@@ -854,7 +855,7 @@ xauth/jammy,now 1:1.1-1build2 amd64 [installed,automatic] xdg-user-dirs/jammy,now 0.17-2ubuntu4 amd64 [installed,automatic] xfsprogs/jammy,now 5.13.0-1ubuntu2 amd64 [installed] xkb-data/jammy,now 2.33-1 all [installed,automatic] -xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.10 amd64 [installed,automatic] +xxd/jammy-updates,jammy-security,now 2:8.2.3995-1ubuntu2.11 amd64 [installed,automatic] xz-utils/jammy,now 5.2.5-2ubuntu1 amd64 [installed] zip/jammy,now 3.0-12build2 amd64 [installed] zlib1g/jammy-updates,jammy-security,now 1:1.2.11.dfsg-2ubuntu9.2 amd64 [installed,automatic] @@ -862,7 +863,7 @@ zstd/jammy,now 1.4.8+dfsg-3build1 amd64 [installed,automatic] === Installed Packages End Disk usage: Filesystem Size Used Avail Use% Mounted on -/dev/root 29G 22G 7.1G 76% / +/dev/root 29G 23G 6.9G 77% / tmpfs 3.9G 0 3.9G 0% /dev/shm tmpfs 1.6G 692K 1.6G 1% /run tmpfs 5.0M 0 5.0M 0% /run/lock @@ -871,10 +872,10 @@ tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 794M 0 794M 0% /run/user/1000 Using kernel: Linux version 5.15.0-1041-azure (buildd@lcy02-amd64-062) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #48-Ubuntu SMP Tue Jun 20 20:34:08 UTC 2023 -Install completed successfully on Wed Aug 16 17:43:23 UTC 2023 -VSTS Build NUMBER: 20230816.1_master_78205124 -VSTS Build ID: 78205124 -Commit: 9c7c539087928bbc1a4dbce8e84d403bbe88ac6c +Install completed successfully on Tue Aug 22 17:03:25 UTC 2023 +VSTS Build NUMBER: 20230822.2_master_78489413 +VSTS Build ID: 78489413 +Commit: 2784223407b58bdef964726a952f68809b951db2 Ubuntu version: 22.04 Hyperv generation: V2 Feature flags: None